EN
EN DE
EN
EN DE
Contact Us
Sign Up
Topics
Finance & insurance
Trade
Industry
IT & Consulting
Tourism
Transport
Law
Public
paypal1

New PayPal Phishing Abusing Microsoft365 Domains for Sophisticated Attacks

0
Share:

A new and sophisticated phishing scam has been uncovered, leveraging Microsoft 365 domains to trick users into compromising their PayPal accounts.

The attack exploits legitimate-looking sender addresses and URLs, making it harder for victims to recognize the phishing attempt.

Security experts, including Chief Information Security Officers (CISOs), have raised alarms about the growing menace, urging caution and vigilance, shared by Fortinet.

<img class=”i-amphtml-intrinsic-sizer” style=”box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; outline: 0px; font-size: 18px; vertical-align: baseline; background: transparent; max-width: 100%; display: block !important;” role=”presentation” src=”data:;base64,” alt=”” aria-hidden=”true” />
phishing mail

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

How the Scam Works

This phishing campaign uses Microsoft 365’s free trial domains to craft authentic-looking email addresses.

<img class=”i-amphtml-intrinsic-sizer” style=”box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; outline: 0px; font-size: 18px; vertical-align: baseline; background: transparent; max-width: 100%; display: block !important;” role=”presentation” src=”data:;base64,” alt=”” aria-hidden=”true” />
URL looks genuine

Once a scammer registers a trial domain, they set up deceptive distribution lists with obscure addresses resembling legitimate ones.

For example, an email might appear to originate from “Billingdepartments1[@]gkjyryfjy876.onmicrosoft.com,” which at first glance might look credible to unsuspecting users. Here’s the scam’s modus operandi step-by-step:

  1. The Money Request Email: The attacker uses the PayPal interface to send payment requests to the distribution list they created. This makes it appear PayPal itself is seeking money from the victims. The email is technically legitimate and passes sender authentication methods like SPF, DKIM, and DMARC checks, making it indistinguishable from real PayPal communications.
  2. The Phishing Hook: Upon receiving the email, victims who click the embedded link are directed to what looks like an official PayPal login page. The page displays the payment request, creating a sense of urgency and panic. Many victims proceed to log in without suspicion, thereby falling into the scammer’s trap.
  3. Account Takeover: Once the victim logs in, their PayPal account becomes linked to the scammer’s email address, such as “Billingdepartments1[@]gkjyryfjy876.onmicrosoft.com.” This allows the attacker to access the victim’s account, potentially transferring funds or stealing sensitive information.
<img class=”i-amphtml-intrinsic-sizer” style=”box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; outline: 0px; font-size: 18px; vertical-align: baseline; background: transparent; max-width: 100%; display: block !important;” role=”presentation” src=”data:;base64,” alt=”” aria-hidden=”true” />
PayPal login page showing a request for payment

Why This Scam is Dangerous

The cleverness of this attack lies in its leveraging of legitimate technologies. By using free Microsoft 365 test domains, the scammers bypass conventional detection systems.

<img class=”i-amphtml-intrinsic-sizer” style=”box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; outline: 0px; font-size: 18px; vertical-align: baseline; background: transparent; max-width: 100%; display: block !important;” role=”presentation” src=”data:;base64,” alt=”” aria-hidden=”true” />
scammer appears to have simply registered an MS365 test domain

The distribution list feature further obfuscates the true sender, creating plausible deniability. Even PayPal’s phishing detection instructions would fail to flag this method.

Most dangerously, the phishing email’s sender address and links appear authentic, and the email passes standard security checks. This raises the stakes, as even tech-savvy users might fall for the scam.

Experts urge vigilance when handling payment requests, even from seemingly legitimate sources. Here are some safety recommendations:

  • Verify Requests: Always double-check payment requests directly within your PayPal account rather than relying on email links.
  • Scrutinize Sender Addresses: Look carefully at the sender address for anomalies or inconsistencies.
  • Enable Two-Factor Authentication (2FA): This adds an extra layer of protection to your PayPal account.
<img class=”i-amphtml-intrinsic-sizer” style=”box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; outline: 0px; font-size: 18px; vertical-align: baseline; background: transparent; max-width: 100%; display: block !important;” role=”presentation” src=”data:;base64,” alt=”” aria-hidden=”true” />PayPal’s own phishing check instructions
PayPal’s phishing check instructions

As attackers continue to innovate, staying informed and cautious is vital. PayPal users, especially those handling corporate accounts, must prioritize cybersecurity to avoid falling victim to threats like these.

Source

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
12:01 pm, Jun 8, 2025
weather icon 17°C
L: 15° | H: 18°
clear sky
Humidity: 54 %
Pressure: 1018 mb
Wind: 8 mph NNW
Wind Gust: 16 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 2%
Rain Chance: 0%
Visibility: 10 km
Sunrise: 4:44 am
Sunset: 9:14 pm
DailyHourly
Daily ForecastHourly Forecast
Today 10:00 pm
weather icon
15° | 18°°C 0 mm 0% 11 mph 73 % 1021 mb 0 mm/h
Tomorrow 10:00 pm
weather icon
10° | 18°°C 0 mm 0% 8 mph 86 % 1022 mb 0 mm/h
Tue Jun 10 10:00 pm
weather icon
12° | 21°°C 0.97 mm 97% 10 mph 85 % 1019 mb 0 mm/h
Wed Jun 11 10:00 pm
weather icon
14° | 25°°C 0 mm 0% 10 mph 91 % 1019 mb 0 mm/h
Thu Jun 12 10:00 pm
weather icon
17° | 24°°C 1 mm 100% 12 mph 82 % 1017 mb 0 mm/h
Today 1:00 pm
weather icon
16° | 16°°C 0 mm 0% 11 mph 53 % 1018 mb 0 mm/h
Today 4:00 pm
weather icon
17° | 17°°C 0 mm 0% 9 mph 53 % 1018 mb 0 mm/h
Today 7:00 pm
weather icon
17° | 18°°C 0 mm 0% 10 mph 55 % 1019 mb 0 mm/h
Today 10:00 pm
weather icon
13° | 13°°C 0 mm 0% 7 mph 73 % 1021 mb 0 mm/h
Tomorrow 1:00 am
weather icon
13° | 13°°C 0 mm 0% 7 mph 80 % 1021 mb 0 mm/h
Tomorrow 4:00 am
weather icon
10° | 10°°C 0 mm 0% 5 mph 86 % 1021 mb 0 mm/h
Tomorrow 7:00 am
weather icon
12° | 12°°C 0 mm 0% 6 mph 78 % 1022 mb 0 mm/h
Tomorrow 10:00 am
weather icon
17° | 17°°C 0 mm 0% 6 mph 60 % 1022 mb 0 mm/h
Weather from OpenWeatherMap
Name Price24H (%)
Bitcoin(BTC)
€92,437.23
0.25%
Ethereum(ETH)
€2,193.76
0.27%
Tether(USDT)
€0.88
-0.01%
XRP(XRP)
€1.94
1.14%
Solana(SOL)
€130.60
-1.97%
USDC(USDC)
€0.88
0.00%
Dogecoin(DOGE)
€0.159768
-2.14%
Shiba Inu(SHIB)
€0.000011
-2.57%
Pepe(PEPE)
€0.000010
-0.81%
Peanut the Squirrel(PNUT)
€0.234364
7.64%
Risikomonitor
Know and monitor IT vulnerabilities with just one click before it is too late.

Utility link

Useful link

Newsletter

Follow Us

Facebook Twitter Youtube Linkedin

© 2025 risikomonitor.com gmbh

Scroll to Top