Researchers have uncovered a scam that targets PayPal users by leveraging legitimate PayPal tools to trick them into linking their accounts to unauthorized addresses which could give attackers control over their finances. The scammer appears to have registered an Microsoft 365 test domain, which is free for three months, and then created a Distribution List containing victim emails.
The research can be found here: https://www.fortinet.com/blog/threat-research/phish-free-paypal-phishing
What makes this interesting is that this will pass things like DKIM and DMARC. Also when it is examined by a human, it will pass all the usual tests for phishing. Which makes this pretty dangerous because by the time you figure out that this is a threat, you’ve already been pwned.
Roger Grimes, data-driven defense evangelist at cybersecurity company KnowBe4, commented:
“I’ve seen similar attacks utilizing legitimate platform services, such as QuickBooks, that essentially do the same thing (i.e., uses a legitimate service to send a message from that service with a legitimate, recognizable URL to fool users into participating. I do think it’s important that the vendors involved in these types of scams (in this case, Microsoft and PayPal) work to prevent their services from being used in scams. I don’t think vendors scrutinize participants enough to prevent these sorts of scams. They could be doing more. At the same time, 99% of phishing scams have the same two attributes: 1) They arrive unexpectedly, and 2) Ask the user to do something they have never done before (at least for that sender). Any message, no matter how it arrives, no matter how legit it looks, with those two traits, should be investigated using trusted methods not involving anything communicated in the message before performing the requested action. Teach and drill that into your own behavior and teach others as well.”
Now this is a technique that I have seen before. Specially here where I came across a scam related other Microsoft 365 that used Microsoft’s own infrastructure to propagate it. Thus I would encourage you to read this report and be on the lookout for these sorts of emails. Because the threat actor behind this is clearly taking things to the next level.
Like this:
Like Loading...
Related
This entry was posted on January 8, 2025 at 1:26 pm and is filed under Commentary with tags Microsoft, Paypal, Scam. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
New PayPal Phishing Scam Exploits Microsoft 365
Researchers have uncovered a scam that targets PayPal users by leveraging legitimate PayPal tools to trick them into linking their accounts to unauthorized addresses which could give attackers control over their finances. The scammer appears to have registered an Microsoft 365 test domain, which is free for three months, and then created a Distribution List containing victim emails.
The research can be found here: https://www.fortinet.com/blog/threat-research/phish-free-paypal-phishing
What makes this interesting is that this will pass things like DKIM and DMARC. Also when it is examined by a human, it will pass all the usual tests for phishing. Which makes this pretty dangerous because by the time you figure out that this is a threat, you’ve already been pwned.
Roger Grimes, data-driven defense evangelist at cybersecurity company KnowBe4, commented:
“I’ve seen similar attacks utilizing legitimate platform services, such as QuickBooks, that essentially do the same thing (i.e., uses a legitimate service to send a message from that service with a legitimate, recognizable URL to fool users into participating. I do think it’s important that the vendors involved in these types of scams (in this case, Microsoft and PayPal) work to prevent their services from being used in scams. I don’t think vendors scrutinize participants enough to prevent these sorts of scams. They could be doing more. At the same time, 99% of phishing scams have the same two attributes: 1) They arrive unexpectedly, and 2) Ask the user to do something they have never done before (at least for that sender). Any message, no matter how it arrives, no matter how legit it looks, with those two traits, should be investigated using trusted methods not involving anything communicated in the message before performing the requested action. Teach and drill that into your own behavior and teach others as well.”
Now this is a technique that I have seen before. Specially here where I came across a scam related other Microsoft 365 that used Microsoft’s own infrastructure to propagate it. Thus I would encourage you to read this report and be on the lookout for these sorts of emails. Because the threat actor behind this is clearly taking things to the next level.
Share this:
Like this:
Related
This entry was posted on January 8, 2025 at 1:26 pm and is filed under Commentary with tags Microsoft, Paypal, Scam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.