I briefly mentioned this new scam in last month's CyberAdviser, and we continue to see more victims, so this is a special "heads-up."

 

I first saw this PayPal scam about a month ago when it arrived in my inbox. The email was so well crafted that I had to see what followed, and I immediately made a note to include it in my newsletter for August.

 

My computer is secure with F-Secure/WithSecure, and my network is locked down with our Managed Network Security, so I was able to proceed with confidence while acting like a prospective victim.

 

 What I found is sophisticated and convincing, and we should be on our toes for this scam and others like it.

 

Today our cyber-guru, Krebs, posted an alert on the PayPal scam. We're including his screenshots below.

Here is the phishing email:

Screen Shot 2022-08-18 at 12.35.02 PM

And here is the invoice that pops up when clicked:

Screen Shot 2022-08-18 at 12.14.36 PM

This PayPal scam is convincing and effective because it incorporates a legitimate element of PayPal's business. This gives one the impression of credibility and legitimacy, prompting some to call PayPal or who they think is PayPal. 

 

This is where it all goes wrong. A capable support agent from "PayPal" reports the user's account was hacked, but he is there to help rectify the problem by remoting into the victim's computer. 

 

 Never let anyone remote into your computer without being 100% sure of their identity. IF IN DOUBT, CONTACT US FIRST!

 

Our cyber-guru, Krebs, is on the case today too:

 

PayPal Phishing Scam Uses Invoices Sent Via PayPal

by Krebs, August 18, 2022

https://krebsonsecurity.com/2022/08/paypal-phishing-scam-uses-invoices-sent-via-paypal/

 

✓ As always, treat everything in your inbox as guilty until proven innocent, and if in doubt, delete it out.

 

Computer Security Check

Our talented computer coaches are available to work with you for security checks, password managers, browser privacy settings, and much more. 

 

Click to learn more:

https://www.totaldigitalsecurity.com/computer-coaching-services

 

 

Topics: Threat Advisories

Share :

Related Posts

National Public Data Breach: Immediate...

In a significant cybersecurity breach, the National Public...

Read More

The AT&T Breach - What To Do

On the AT&T Breach

Read More

Last Days for LastPass

I've been using LastPass since 2014 and have recommended...

Read More