eBay

imastawka · ‎18-06-2022

A newly discovered phishing campaign sees cybercriminals impersonating PayPal as they try to scare victims into giving away sensitive information.

Cybersecurity researchers from email security company Avanan recently spotted a new campaign that has so far been, relatively successful due to the fact that it doesn’t carry any links.

Usually, phishing works by redirecting people to malicious websites, via links shared in an email. In this campaign, however, there are no links present in the emails, which renders most email security solutions useless.

It starts in a similar fashion to all other campaigns - the victim will get an email, claiming to be from PayPal, saying they’ve purchased $500 worth of Dogecoin, and that if they want to cancel the order, they should call the number provided further below.

While we don’t know what happens should a victim actually call that number, there are two possibilities. Either the attackers try and persuade the victims into giving away sensitive information (for example, PayPal login data, or credit card info), or they “cancel” the pending Dogecoin order and go about their day.

In the latter scenario, what the attackers walk away with is the victim’s phone number, which can then be used to mount a more serious attack.

“Just one successful attack can lead to dozens of other ones,” the researchers said.

The phone number listed in the email is located in Hawaii, the researchers have found, but chances are, it’s just a routing number, and the actual threat actors are located elsewhere.

Major companies, such as PayPal, or Microsoft, are often impersonated by threat actors trying to scam people. To stay safe, it is important to always double-check the email address of the sender, make sure the email doesn’t have any suspicious typos or spelling errors, and make sure not to click any links, or download any attachments.

The attachments are most likely viruses or other forms of malware.

Most major companies have instant messaging customer support, as well as social media accounts, which can be used to verify whether or not they’d really sent out the email or not.

That PayPal alert email could just be a phishing scheme (msn.com)

bidicus*maximus · ‎19-06-2022

For PayPal, forward suspected fraudulent emails to: spoof@paypal.com... (for eBay it's spoof@ebay.com).

View solution in original post

papermoon.lady · ‎18-06-2022

I got something like 10 in a week recently - sent to an email address that I have never used for PP. Of course I didn't even open them, so I don't know what they said.

countessalmirena · ‎18-06-2022

It’s always best to contact PayPal (or whatever the company may be) via contact details on their own website.

Yes, quite worrying, the latest scams that are circulating.

papermoon.lady · ‎19-06-2022

Countess, I think that the scams have increased because people actually fall for them - all the time. It is like giving attention to toddlers who have a tantrum - they will do it again if you give them attention.

It is sad though.

bidicus*maximus · ‎19-06-2022

For PayPal, forward suspected fraudulent emails to: spoof@paypal.com... (for eBay it's spoof@ebay.com).

eBay

That PayPal alert email could just be a phishing scheme

That PayPal alert email could just be a phishing scheme

That PayPal alert email could just be a phishing scheme

That PayPal alert email could just be a phishing scheme

That PayPal alert email could just be a phishing scheme

That PayPal alert email could just be a phishing scheme

Featured Posts

NEW buyer education videos on your Refurbished listings

Exciting News – eBay is Coming to Retail Fest!

Changes to our Illegal drugs and drug paraphernalia policy