ADVERTISEMENT

PayPal ‘phish-free’ phishing attack could fool you (and your mother), CISO warns

Cybercriminals have deployed a new PayPal-involved email phishing attack – minus the phishing part – warns Fortinet’s head of security.

PayPal mobile phone

Image by Shutterstock

Stefanie Schappert
Stefanie Schappert Senior Journalist
Jan 9, 2025 Updated: 9 January 2025 3 min read
Fortinet PayPal phish-free phishing attack email
The phish-free phishing email is sent using a legitimate PayPal email address and includes a genuine PayPal sign-in URL. Images by Fortinet.

How did the attackers pull it off?

Fortinet PayPal phish-free phishing attack request money
Image by Cybernews.
ADVERTISEMENT

Legitimate login URL is a ruse

Fortinet PayPal phish-free phishing attack linked
If the victim logs into PayPal, their account is immediately linked with the attacker's account. Image by Fortinet.

Preventing a non-traditional phishing attack

Konstancija Gasaityte Paulina Okunyte Jurgita Lapienyte Niamh Ancell
Don’t miss our latest stories on Google News
Add us as your Preferred Source on Google.
  • Sender contains omnimicrosoft.com
  • Header contains From “service[@]paypal.com”
  • Subject contains money
ADVERTISEMENT