Last month, researchers at Avanan released their findings on the QuickBooks phishing scam, where hackers send spoofed invoices from a legitimate QuickBooks account to get into user inboxes and steal credentials and money.
Researchers at Avanan have now observed hackers using this same technique, only now using the legitimacy of PayPal to bypass email scanners and successfully deliver fake invoices.
Like the previous attack, hackers present an invoice, encouraging victims to call with any questions. Users are asked to provide credit card details to cancel the transaction when calling the number provided.
Jeremy Fuchs, Cybersecurity Research Analyst at Avanan had this to say:
“This is yet another example of hackers taking advantage of static Allow Lists. PayPal is a trusted site, so security solutions are likely to trust content coming from the site. This is an effective way for hackers to land in the users’ inbox. Plus, since the email comes from PayPal, it looks more convincing. When looking at the message, end-users should be encouraged to not call unfamiliar phone numbers and to do a Google search of any phone numbers to see if it is legitimate.”
You can read the report here.