
New PayPal Phishing Scam Exploits Address Feature to Steal Information

Scammers are currently exploiting PayPal's address settings to send phishing emails that appear to confirm recent purchases. The goal of this tactic is to trick recipients into granting remote access to their devices.

Cybercriminals have found a way to send fake purchase notifications from the genuine "service@paypal.com" address, which means the deceptive emails land in customers' inboxes rather than their spam folders.

The sophisticated phishing campaign sends convincing notifications claiming that a new address has been added to the recipient’s PayPal account. These emails typically include a fake purchase confirmation for a high-value item such as a MacBook M4, along with a telephone number purportedly for PayPal customer service.

Phishing Email Claims to Verify a New PayPal Address (BleepingComputer)

How Scammers Exploit PayPal’s Gift Address Feature to Bypass Security Systems

The use of a valid sending address allows these phishing emails to get past numerous security and spam systems, landing straight in customer inboxes. Because of this sophisticated misuse of PayPal’s infrastructure, even attentive users might be tricked into compromising the security of their devices.

To create a sense of urgency, the email tells recipients to call the included phone number if they did not authorise the transaction. Callers first hear a genuine-sounding recording announcing "PayPal customer service" and asking them to hold for an agent. The purpose of this polite welcome is to allay any doubts.

Once a person (the scammer) comes on the line, they do not actually help cancel the fake transaction. Instead, they try to convince the caller that their computer has been "hacked" or "compromised," and recommend installing an antivirus program to fix the problem.

The scammer then directs the victim to a website, usually a domain such as "pplassist.com", and asks them to enter a service code there. Entering the code downloads what is presented as antivirus software but is actually a ConnectWise ScreenConnect client, fetched from suspicious sites such as lokermy.numaduliton.icu.

ConnectWise ScreenConnect Downloaded from a fake website (BleepingComputer)

Running this software gives the attacker complete control of the computer. With that access, they can install additional malware, make unauthorised wire transfers, and steal personal data.

One element of the scam that is genuine is PayPal's sending email address. PayPal recently introduced a feature that lets users add "gift addresses" to their profiles. The email headers confirm that these messages are authentic: they originate from PayPal's own mail servers and pass DKIM checks.

However, the attackers took advantage of this functionality by adding a new address to their account. Once the address was added, PayPal sent a customised notification email.

The attackers then manipulated this email to include a “You purchased a new MacBook” phishing message. Finally, the notification was automatically forwarded to another account, which appears to be a mailing list that distributed it to the victims.

According to new findings, PayPal could help address this issue by limiting email address lengths to 50 characters. Additionally, when you receive an email about a new shipping address, first check your PayPal account to confirm that the change has actually been made. If no such update appears, delete the email or flag it as spam.

Another way to detect phishing is to carefully examine the sender's address. It may look genuine at first, but closer inspection can reveal irregularities. This method is not foolproof, so always be wary of emails designed to provoke an emotional response.
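Because the message in this campaign really is sent by PayPal and passes DKIM, authentication results alone will clear it. What a mail-triage check can still look at are the signals the article describes: the notification reached the victim by way of a mailing list rather than being addressed to them, and the body pushes the reader to phone a number. The following Python script is an added example, not code from the original article or from PayPal; the two sample messages, their headers, domains and the 555 phone number are all constructed for illustration, and the mailing-list header names it looks for are an assumption about how such a relay would typically appear.

```python
"""Triage heuristics for 'genuine-sender' phishing, modelled on the PayPal
gift-address abuse described above. All sample data is constructed."""
import email
import re
from email import policy

# Loose North-American phone pattern; adequate for a triage heuristic.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URGENCY_TERMS = ("call", "did not authorise", "did not authorize", "immediately")
# Headers a mailing-list relay commonly adds (assumption, not from the article).
LIST_HEADERS = ("List-Id", "List-Post")


def parse_auth_results(msg):
    """Collect dkim/spf/dmarc verdicts from Authentication-Results headers."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"\b(dkim|spf|dmarc)=(\w+)", str(value), re.IGNORECASE):
            results[m.group(1).lower()] = m.group(2).lower()
    return results


def triage(raw: bytes, mailbox: str) -> dict:
    """Score one raw RFC 5322 message that was delivered to `mailbox`."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    auth = parse_auth_results(msg)

    sender = msg["From"].addresses[0] if msg["From"] else None
    sender_domain = sender.domain.lower() if sender is not None else ""
    # Display name that looks like an address but differs from the real one.
    display_spoof = (sender is not None and "@" in sender.display_name
                     and sender.display_name.lower() != sender.addr_spec.lower())

    # Was this message actually addressed to the mailbox that received it?
    recipients = set()
    for hdr in ("To", "Cc"):
        if msg[hdr]:
            recipients.update(a.addr_spec.lower() for a in msg[hdr].addresses)
    recipient_mismatch = mailbox.lower() not in recipients
    list_relay = any(msg[h] is not None for h in LIST_HEADERS)

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    flat = " ".join(body.split()).lower()          # undo line wrapping
    phones = PHONE_RE.findall(body)
    urgency = [t for t in URGENCY_TERMS if t in flat]

    # A DKIM-passing notification that was not addressed to us and urges us
    # to phone someone matches the pattern described in the report.
    lure = bool(phones) and bool(urgency)
    verdict = "suspicious" if lure and (recipient_mismatch or list_relay) else "ok"
    return {"auth": auth, "sender_domain": sender_domain, "display_spoof": display_spoof,
            "recipient_mismatch": recipient_mismatch, "list_relay": list_relay,
            "phones": phones, "urgency": urgency, "verdict": verdict}


# Constructed sample: genuine sender, relayed via a list, callback-number lure.
SAMPLE_PHISH = b"""\
Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com; spf=pass smtp.mailfrom=paypal.com
Received: from lists.relay.test (lists.relay.test [203.0.113.10]) by mx.example.net
Received: from mx1.paypal.com by lists.relay.test
List-Id: <bulk.relay.test>
From: "service@paypal.com" <service@paypal.com>
To: subscriber@relay.test
Subject: Your new address has been added
Content-Type: text/plain; charset="utf-8"

A new address was added to your PayPal account.
Address: You purchased a new MacBook M4 for $1,899.00. If you did not
authorise this transaction, call PayPal Support at 1-800-555-0199 immediately.
"""

# Constructed sample: an ordinary notification addressed directly to the user.
SAMPLE_BENIGN = b"""\
Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com; spf=pass smtp.mailfrom=paypal.com
Received: from mx1.paypal.com by mx.example.net
From: "service@paypal.com" <service@paypal.com>
To: victim@example.net
Subject: Your new address has been added
Content-Type: text/plain; charset="utf-8"

A new address was added to your PayPal account.
Address: 12 Example Street, Sampletown
If you did not make this change, log in to your account to review it.
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(name, triage(raw, "victim@example.net"))
```

The point of the two samples is that every authentication field is identical between them; only the delivery path (recipient mismatch, list headers) and the callback-number lure separate the scam from a real notification, which is why a rule keyed on DKIM or the From domain alone cannot catch it.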

Phishing attacks are growing more prevalent and advanced. Criminals are leveraging advanced technologies, including AI, to develop convincing scams that are difficult to identify.

Security Awareness Training remains one of the most cost-effective methods of boosting cyber-security within your business. Start your two-week free trial of Phishing Tackle security awareness training today.
