Avanan researchers have seen an uptick in attacks spoofing PayPal in an attempt to steal banking information utilizing an order confirmation letter to induce end-users to call a customer support number. Previously, Avanan discovered a similar attack that spoofs an Amazon order notification to obtain payment information.
Avanan’s cybersecurity research uncovered a new email campaign leveraging PayPal like the Amazon email. In this attack, threat actors send what looks like a PayPal confirmation notice, notifying the user that they bought hundreds of dollars of cryptocurrency. The only recourse to cancel the order is to reach customer service by phone.
The number listed on the email is a Hawaii-based number linked to scams asking for a credit card number and CVV to cancel the charge. This attack also works because there are no links in the email body. When there is a link, the email security solution can check whether it’s malicious. Without connections, it becomes more complicated.
With the combination of social engineering in the form of what looks like a fraudulent payment, and no malicious links or otherwise malicious text, this is a tricky attack that has proven hard to stop.
You can review the report by Avanan here so that you can protect yourself from this novel attack.
Like this:
Like Loading...
Related
This entry was posted on June 16, 2022 at 9:00 am and is filed under Commentary with tags Avanan. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
New Attack Spoofs PayPal to Obtain Banking Info: Avanan
Avanan researchers have seen an uptick in attacks spoofing PayPal in an attempt to steal banking information utilizing an order confirmation letter to induce end-users to call a customer support number. Previously, Avanan discovered a similar attack that spoofs an Amazon order notification to obtain payment information.
Avanan’s cybersecurity research uncovered a new email campaign leveraging PayPal like the Amazon email. In this attack, threat actors send what looks like a PayPal confirmation notice, notifying the user that they bought hundreds of dollars of cryptocurrency. The only recourse to cancel the order is to reach customer service by phone.
The number listed on the email is a Hawaii-based number linked to scams asking for a credit card number and CVV to cancel the charge. This attack also works because there are no links in the email body. When there is a link, the email security solution can check whether it’s malicious. Without connections, it becomes more complicated.
With the combination of social engineering in the form of what looks like a fraudulent payment, and no malicious links or otherwise malicious text, this is a tricky attack that has proven hard to stop.
You can review the report by Avanan here so that you can protect yourself from this novel attack.
Share this:
Like this:
Related
This entry was posted on June 16, 2022 at 9:00 am and is filed under Commentary with tags Avanan. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.