Don’t Pay This Suspicious PayPal Invoice – It’s a Phishing Scam

For a phishing campaign To be successful, cybercriminals must first ensure that their decoys can reach potential victims, which is why they have recently turned to PayPal send false invoices.

According to a new report (opens in a new tab) from Checkpoint-owned cybersecurity firm Avanan, cybercriminals are now using the legitimacy of PayPal to reach the inboxes of unsuspecting users.

Starting in June this year, security researchers at the company first observed this new technique that uses PayPal to send malicious invoices and request payments. Cybercriminals behind this new campaign are using free PayPal accounts to send emails from the corporate domain while spoofing the popular anti-virus software Mark Norton.

After creating an account, cybercriminals use PayPal features to create false invoices in which they change the company name and fake phone numbers to make them more legit.

These fake invoices also include a message that reads: “Thank you for purchasing the Norton Security Premium plan, if you did not authorize this transaction, please call us with your credit card details.”

Unsuspecting users, who don’t remember signing up for Norton’s antivirus software, can call the number and provide their credit card details to avoid being changed. However, in doing so, they happily give attackers their phone number and payment information which can be used in future attacks.

The static highway

This isn’t the first time Avanan has observed cybercriminals abusing legitimate services in their attacks. In fact, just last month he released a report (opens in a new tab) detailing how QuickBooks was used to carry out a very similar type of attack.

Since QuickBooks and PayPal are on the allow lists of the best courier services, emails sent from either service are routed to the user’s inbox. Avanan calls it The static highway (opens in a new tab) and it refers to the practice of cybercriminals using static whitelisted websites to ensure that their phishing emails reach users’ inboxes.

In this case, Avanan notified PayPal of the new attack on July 19, and the company plans to update its report with additional information once it receives the payments giant’s response.

fish hook on a keyboard

(Image credit: Shutterstock)

How to avoid falling victim to this and other phishing scams

In order to avoid this phishing scam, users should first monitor their inboxes and PayPal accounts for fake invoices. If you receive an invoice for a product or service that you don’t remember buying, you should first check your PayPal account to see if you ordered something and forgot it. However, you should never call the phone number on fake invoices or provide your credit card details over the phone to anyone.

For those curious about the phone number on a fake bill, Avanan recommends users first look up the phone number in a search engine. You can also check a company’s website to see if the phone number provided on the invoice matches the one listed on their site.

Another important thing to watch out for when it comes to phishing emails is a sense of urgency. Cybercriminals and scammers often give potential victims a short amount of time to respond to their messages – this is a major red flag when it comes to scams and phishing emails.

Now that Avanan is raising awareness that cybercriminals are abusing legitimate services to send phishing emails, spoofed companies will likely require users to provide even more details during registration to prevent their services from being used for badly.

Comments are closed.