PayPal users targeted by stealthy phishing scam

A polished and sophisticated scam is targeting PayPal users. Like most scams, it has telltale signs of deception, which can be easily spotted if you look hard enough.

Researchers at Malwarebytes have uncovered a highly sophisticated phishing scam attacking PayPal users.

The scam uses various techniques that, to the untrained eye, would alarm and force the user to take action, making it easy for the victim to fall straight into the bad actor’s trap.

The actors behind this scam have successfully spoofed PayPal’s email address, which adds an extra layer of deception.

Email spoofing is when threat actors pretend to be someone else by sending emails with a fake sender address, Malwarebytes said. By doing this, a victim is more likely to believe that the email has come from the source and not a scammer.

By spoofing this email, users are more likely to trust that it has come from PayPal and may be more inclined to click on links or contact numbers associated with the email.

Another sign that researchers noted was the odd recipient address, which isn’t directly linked to the victim’s.

This is because the scammer has set up a distribution list to target people in bulk instead of targeting one victim.

Simpler and perhaps more telling signs that this is a phishing scam come from the content of the email.

Although the scammer has successfully copied the layout of an email typically sent by PayPal, the subject of the email and the action required are very different.

For example, this email asks the victim to set up their PayPal account profile. But instead, the text below says a new charge has been processed.

The text said that a new profile charge had been detected, and it was over $900, which would alarm anyone who hasn’t intentionally spent that much money via PayPal.

While it might seem legitimate, there are various warning signs that point to it being a phishing scam.

Don’t ignore the warning signs

Firstly, the urgency related to the message. PayPal claims that the link will expire in 24 hours, meaning that the person who received the email won’t be able to resolve the fake issue past this point.

Secondly, the amount of money is over $900 which is designed specifically to “grab your attention,” Malwarebytes said.

Thirdly, the introduction of cryptocurrency. The $900 supposedly taken out of the victim’s account was charged by Kraken.com, a cryptocurrency trading platform.

Usually, when victims are sent emails they didn’t intend to receive that require them to make a payment via cryptocurrency, it's typically a scam.

Finally, the phone number listed in the email is known by the Better Business Bureau, an internationally recognized business watchdog, as a number associated with scams, the researchers said.

This is where the scam gets stealthy

What’s more alarming is the link button within the email that actually leads to the PayPal website.

But, instead of sending a user to the payment dispute section or having them set up their account profile, this link allows a bad actor to be added to their PayPal account.

By adding a secondary user to your PayPal account, you essentially allow a second person to access your account, which could then be promptly cleared out.

While phishing attacks can be used to harvest credentials, in this instance, it's clearly being used to exploit users financially.

PayPal has a large user base of over 434 million people, making it a large attack surface for criminals looking to exploit vulnerable users.