
Unusual phishing attack targets PayPal users


The associated emails are genuine payment requests from PayPal. In fact, however, the attacker has something else in mind.

Carl Windsor, CISO of the cybersecurity company Fortinet, describes in a new blog post a rather unusual phishing method that he himself was confronted with. It involves a payment request sent via PayPal. The associated email comes from the sender [email protected] and appears legitimate at first glance. Even the included link points to a real PayPal URL.

In fact, the mail does come from PayPal. However, its sending was triggered by an attacker whose goal is to hijack other people’s PayPal accounts. According to Windsor, the attacker registered a test domain with Microsoft 365 that could be used free of charge for three months and created an e-mail distribution list with the addresses of the attack victims.

He then used PayPal’s “Request money” function and entered the distribution list address as the recipient, so that the corresponding mail ended up in the mailboxes of everyone on the distribution list. Using Microsoft 365’s Sender Rewriting Scheme (SRS) feature, he also had the sender address rewritten so that the mail passes common security checks such as SPF, DKIM, and DMARC, Windsor explains.
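Because the relayed mail passes SPF, DKIM and DMARC, a mail filter has to look at what those checks do not cover. The following added example (not from the article or from Fortinet) flags messages from a payment brand that reached a mailbox without being addressed to it and whose envelope sender was rewritten; all addresses are constructed, and the `SRS` marker pattern is an assumption about what a rewritten Return-Path looks like.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed shape of an SRS-rewritten local part: "SRS0=..." or "user+SRS=...".
SRS_MARKER = re.compile(r"(^|\+)SRS[01]?=", re.IGNORECASE)

def in_domain(domain: str, brand: str) -> bool:
    return domain == brand or domain.endswith("." + brand)

def relay_indicators(raw: str, mailbox: str, brand_domain: str) -> list[str]:
    """Header findings for one message delivered to `mailbox` (hypothetical helper)."""
    msg = message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    if not in_domain(from_domain, brand_domain):
        return findings  # not sent in the brand's name; out of scope here
    # 1. Mailbox owner is not a visible recipient: delivered via a list or forward.
    visible = msg.get_all("To", []) + msg.get_all("Cc", [])
    if mailbox.lower() not in {addr.lower() for _, addr in getaddresses(visible)}:
        findings.append("recipient-not-addressed")
    # 2. Envelope sender carries an SRS marker: a forwarder rewrote it.
    rp_local, _, rp_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")
    if SRS_MARKER.search(rp_local):
        findings.append("srs-rewritten-return-path")
    # 3. Envelope sender domain is outside the brand's own domain.
    if rp_domain and not in_domain(rp_domain.lower(), brand_domain):
        findings.append("envelope-domain-mismatch")
    return findings

# Constructed sample messages; payments.example stands in for the payment provider.
RELAYED = (
    "Return-Path: <bounces+SRS=AbCdE=XY@tenant.example>\n"
    "From: Payments <billing@payments.example>\n"
    "To: team@tenant.example\n"
    "Subject: Money request\n\nbody\n"
)
DIRECT = (
    "Return-Path: <bounce@mail.payments.example>\n"
    "From: Payments <billing@payments.example>\n"
    "To: victim@corp.example\n"
    "Subject: Money request\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("relayed", RELAYED), ("direct", DIRECT)):
        print(name, relay_indicators(raw, "victim@corp.example", "payments.example"))
```

Any single finding also occurs in legitimate forwarding, so treat the combination as a reason to quarantine or banner the message rather than as proof of fraud.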

Please do not log in
Recipients who click on the payment link in the e-mail land on a PayPal website showing the created payment request and are asked to log in with their credentials. According to Windsor, however, logging in links the respective PayPal account to the attacker’s address, which is also visible on the login page. “The fraudster can then take control of the victim’s PayPal account,” warns the Fortinet CISO.

Although PayPal warns against common phishing methods on its website, the scam described by Windsor is not covered. The fact that the payment request is sent via PayPal and thus via a trustworthy e-mail address is likely to inspire dangerous trust in many a recipient.

In addition, logging in to PayPal does not by itself trigger a payment, so some users could classify this step as harmless. With the process described by Fortinet, however, the account would already be hijacked at that point.

Windsor considers the best protective measure to be “the human firewall” – i.e. the training of users to be careful with questionable e-mails, no matter how genuine links or sender addresses may look.


