Exploring Phishing Emails from PayPal: An Avanan Report


By VARINDIA - 2022-07-28
By Manish Alshi, Head of Channels and Growth Technologies - India & SAARC, Check Point Software Technologies

 

PayPal is known to be one of the world’s foremost global digital payment platforms. It was a clear disappointment to many when PayPal announced that it would suspend all domestic and incoming international transaction operations for individual accounts in India on 1st April 2021. This means users are not able to top up their PayPal balance, rendering PayPal wallets defunct in India, except for online shopping. However, according to Statistica portal, PayPal usage during online shopping in India reached almost 50% as of March 2022, ensuring that it still has a role to play.

 

Avanan, a Check Point company, recently found that hackers are continuing to use phishing emails to reach customers’ inboxes by creating fake invoices in PayPal and relying on the legitimacy of the site to get delivered.

 

In June 2022, Avanan researchers saw hackers use PayPal to send malicious invoices and request payments. The hackers send the email from PayPal’s domain, using a free PayPal account that they have signed up for, with the email body spoofing brands like Norton. In this attack brief, Avanan will analyze how hackers are leveraging legitimate and popular websites to get into inboxes and steal credentials and money.

 

Attack

In this attack, hackers are creating accounts in PayPal, and then sending malicious invoices and requests for payments directly from the service.

· Vector: Email

· Type: Credential Harvesting

· Techniques: Double Spear, Brand Impersonation

· Target: Any end-user

 

Email

In this attack, threat actors are using the legitimacy of PayPal to get into the inbox.

 

Email Example #1

https://avanan.wistia.com/medias/btxmkg6nwn

In this attack, hackers are creating accounts in PayPal. Then they are using PayPal’s features to create an invoice. In this video, you can see how the hackers are editing the business name, placing fake telephone numbers, and showing the fake Norton invoice. From there, hackers can send the invoice to multiple users at once.

 

Techniques

Hackers are using a combination of social engineering and legitimate domains to extract money and credentials from end-users. We’ve seen this with QuickBooks most recently, and now with PayPal. This can be done on any site that’s trusted and used regularly by end-users. PayPal and QuickBooks are particularly clever choices since they are often used for business invoices. The scam works because static Allow Lists “allow” content from these sites directly into the inbox. Allow Lists are a way of condensing the Internet for security scanners: you can’t block the whole Internet, so you try to figure out what you know is good. Trusted websites like PayPal often make the cut, even though PayPal is an oft-impersonated brand. What makes this attack scary is that the phishing invoices are created and sent through PayPal itself. That makes them look more legitimate to the security service and to the end-user.

 

For hackers, this process couldn’t be easier. They use PayPal’s domain to get into the inbox. They use classic social engineering tactics to send an invoice notice and get the user to take action. This attack works because of what hackers on the dark web call a double spear:

· Make the user call the listed telephone number

· Make the user pay the invoice

 

Not only do they have your email, but they also have your phone number, which can be used for future attacks. And, of course, they have your money.

 

Best Practices: Guidance and Recommendations

To guard against these attacks, security professionals can do the following:

· Before calling an unfamiliar service, Google the number and check your accounts to see if there were, in fact, any charges

· Implement advanced security that looks at more than one indicator to determine if an email is clean or not

· Encourage users to ask IT if they are unsure about the legitimacy of an email
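
To illustrate the second recommendation, the sketch below (an added example, not Avanan's or Check Point's code) contrasts a static allow-list decision with a check that combines several indicators from the attack described above: an invoice sent through an allow-listed service, a third-party brand in the body, and a callback phone number. The brand watch list, indicator names, threshold and both sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ALLOW_LIST = {"paypal.com"}                  # static allow list, as described in the article
BRANDS = ("norton", "mcafee", "geek squad")  # assumed watch list of commonly spoofed brands
INVOICE_RE = re.compile(r"\b(invoice|payment request)\b", re.I)
CALL_RE = re.compile(r"\b(call|dial|phone)\b", re.I)
PHONE_RE = re.compile(r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

def _parse(raw):
    """Return (sender domain, subject + body text) of a simple non-multipart message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return domain, f"{msg.get('Subject', '')}\n{msg.get_payload()}"

def on_allow_list(domain):
    return any(domain == d or domain.endswith("." + d) for d in ALLOW_LIST)

def static_verdict(raw):
    """Single-indicator policy: trust anything from an allow-listed domain."""
    domain, _ = _parse(raw)
    return "deliver" if on_allow_list(domain) else "scan"

def indicators(raw):
    domain, text = _parse(raw)
    found = []
    if on_allow_list(domain) and INVOICE_RE.search(text):
        found.append("invoice_via_trusted_service")
    # A brand named in the message that is not the brand of the sending domain.
    if any(b in text.lower() and b not in domain for b in BRANDS):
        found.append("third_party_brand")
    if CALL_RE.search(text) and PHONE_RE.search(text):
        found.append("callback_number")
    return found

def multi_verdict(raw, threshold=2):
    """Quarantine when at least `threshold` independent indicators fire."""
    found = indicators(raw)
    return ("quarantine" if len(found) >= threshold else "deliver"), found

# Constructed samples (not real messages); the phone number is a placeholder.
PHISH = ("From: PayPal <service@paypal.com>\nSubject: Invoice from Norton Billing\n\n"
         "Your Norton Security renewal of $349.99 was charged today.\n"
         "If you did not authorize this, call +1 (808) 555-0134 to cancel.\n")
BENIGN = ("From: PayPal <service@paypal.com>\nSubject: Invoice INV-2041\n\n"
          "Example Design Studio sent you an invoice for $120.00.\n"
          "Log in to your PayPal account to view and pay it.\n")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, static_verdict(raw), multi_verdict(raw))
```

Both samples pass the static allow list because they come from the same trusted domain; only the combined indicators separate the fake Norton invoice from an ordinary one.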
