news 
PayPal Security Warning—$2,000 ‘Phish-Free’ Phishing Attack Confirmed
PayPal has issued a warning about a sophisticated phishing scam that is making the rounds. The attack, which has been confirmed to be in circulation, targets unsuspecting victims with an email requesting payment of $2,185.96.
The malicious tactic employed by the attackers is clever, as it exploits the trust and familiarity of PayPal’s users. Instead of using traditional phishing tactics like spelling mistakes or generic greetings, this attack involves sending an email that appears to be from a verified source, making it difficult for mailbox providers to distinguish it from genuine communications.
In this case, the scammers are leveraging the link between PayPal accounts and email addresses. They are exploiting the fact that your PayPal account address is linked to the address it was sent to, rather than the one it received at. This means that if you’re a victim of this attack, you may not even notice anything amiss until it’s too late.
The attackers have cleverly created a distribution list using Microsoft 365 test domains and are targeting corporate targets with an invoice request for $2,185.96. The aim is to get the unsuspecting victim to part with their hard-earned cash.
PayPal has emphasized that customers should remain vigilant and be cautious when receiving unsolicited payment requests, especially from unknown or unfamiliar sources. It advises against paying any unexpected or suspicious invoices or payment requests and not sharing personal information in response.
To stay safe, PayPal recommends:
* Remaining mindful when being asked to participate in a transaction with someone you don’t know or owe money to
* Not paying any unexpected or suspicious invoices or payment requests
* Changing your account password and contacting PayPal’s security team if you’ve shared personal information or clicked links
* Enabling two-factor authentication
* Reporting any phishing emails to the PayPal security team by forwarding them to [email protected] and then deleting them
It is crucial for users to be aware of these tactics and take necessary precautions to protect themselves.
Source: www.forbes.com
