A new phishing scam targeting PayPal users has been identified by Fortinet’s FortiGuard Labs. The scam exploits PayPal’s system to trick users into linking their accounts to unauthorized addresses. Using genuine-looking emails and valid login pages, scammers bypass traditional phishing detection methods, posing significant risks to victims’ financial accounts. Fortinet’s CISO, Carl Windsor, highlights the importance of cybersecurity awareness in combating such threats.
The attack leverages Microsoft 365’s Sender Rewriting Scheme (SRS) to send legitimate PayPal money requests that pass email authentication checks. Scammers create a Microsoft 365 test domain and distribution lists containing victim emails, then use PayPal’s money request feature to initiate the attack. Once users log into PayPal through the fraudulent request, their accounts are linked to the scammer’s account, granting the scammer unauthorized access.
This phishing method is particularly deceptive because it uses entirely valid email addresses, URLs, and PayPal login pages, which are typically signs of legitimacy. Users may unwittingly compromise their accounts by acting on the scam’s requests. Windsor emphasizes the need for vigilance, advising users to avoid unsolicited emails, hover over links to verify their authenticity, and never enter login credentials unless certain of a website’s legitimacy.
To enhance protection, enabling two-factor authentication (2FA) on PayPal accounts is highly recommended. Additionally, organizations should train employees to recognize phishing attempts and implement email filtering rules to detect such scams. As cybercriminals continue to innovate, proactive cybersecurity measures and user awareness remain the best defenses against evolving threats.
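One concrete form the recommended filtering rule can take is shown below. This is an added example, not code from Fortinet or PayPal: it looks for the two traits the article describes, genuine brand mail whose envelope sender has been rewritten by a third-party forwarder's SRS, and a recipient whose own address is missing from To/Cc because the message was relayed through a distribution list. The two sample messages, the brand-domain list and the forwarder domain are constructed for the demonstration, and the SRS address shapes matched are generic rather than any one provider's exact format.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Brand domains whose mail deserves the extra check. The article discusses
# PayPal, so that is the only entry here; a real deployment would hold more.
BRAND_DOMAINS = {"paypal.com"}

# Envelope senders rewritten by a forwarder's Sender Rewriting Scheme commonly
# look like "SRS0=hash=ts=orig-domain=orig-user@forwarder" or carry a "+SRS="
# sub-address tag. Either shape means a third party re-originated the message.
SRS_RE = re.compile(r"(?:^SRS[01]=|\+SRS=)", re.IGNORECASE)


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address, or '' if none."""
    _, addr = parseaddr(address or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def classify(raw_message, recipient):
    """Score one RFC 5322 message for the forwarded-brand-mail pattern.

    recipient is the mailbox the message was actually delivered to, which a
    filter knows from the SMTP RCPT TO rather than from the headers.
    """
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    rp_local, _, rp_domain = return_path.rpartition("@")

    # Signal 1: the envelope sender was SRS-rewritten by a domain other than
    # the brand's own, i.e. a forwarder sits between the brand and the reader.
    srs_rewritten = bool(SRS_RE.search(rp_local)) and rp_domain.lower() not in BRAND_DOMAINS

    # Signal 2: the reader's own address is absent from To/Cc, which is how a
    # message relayed through a distribution list appears to the recipient.
    visible = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    recipient_hidden = recipient.lower() not in visible

    return {
        "from_domain": from_domain,
        "return_path_domain": rp_domain.lower(),
        "srs_rewritten": srs_rewritten,
        "recipient_hidden": recipient_hidden,
        "flag": from_domain in BRAND_DOMAINS and srs_rewritten,
    }


# Constructed sample: brand mail that reached the reader through a forwarder.
SUSPICIOUS = """\
Return-Path: <bounces+SRS=k7Qx2=AB=paypal.com=service@contoso-test.onmicrosoft.com>
From: "service@paypal.com" <service@paypal.com>
To: billing-all@contoso-test.onmicrosoft.com
Subject: You've received a money request

Please log in to review the request.
"""

# Constructed sample: brand mail delivered directly to the reader.
BENIGN = """\
Return-Path: <service@paypal.com>
From: PayPal <service@paypal.com>
To: alice@example.org
Subject: Your receipt

Thanks for your purchase.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, classify(raw, "alice@example.org"))
```

The rule deliberately does not rely on SPF, DKIM or DMARC results, since the article's point is that those checks pass; it keys instead on the delivery path, which is what the attack cannot hide. Legitimate auto-forwarding of brand mail will also trip the first signal, so in practice the verdict should quarantine or tag the message for review rather than reject it outright.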