I briefly mentioned this new scam in last month's CyberAdviser, and we continue to see more victims, so this is a special "heads-up."
I first saw this PayPal scam about a month ago when it arrived in my inbox. The email was so well crafted that I had to see what followed, and I immediately made a note to include it in my newsletter for August.
My computer is secure with F-Secure/WithSecure, and my network is locked down with our Managed Network Security, so I was able to proceed with confidence while acting like a prospective victim.
✓ What I found is sophisticated and convincing, and we should be on our toes for this scam and others like it.
Today our cyber-guru, Krebs, posted an alert on the PayPal scam. We're including his screenshots below.
Here is the phishing email:
And here is the invoice that pops up when clicked:
This PayPal scam is convincing and effective because it incorporates a legitimate element of PayPal's business. This gives one the impression of credibility and legitimacy, prompting some to call PayPal or who they think is PayPal.
This is where it all goes wrong. A capable support agent from "PayPal" reports the user's account was hacked, but he is there to help rectify the problem by remoting into the victim's computer.
✓ Never let anyone remote into your computer without being 100% sure of their identity. IF IN DOUBT, CONTACT US FIRST!
Our cyber-guru, Krebs, is on the case today too:
PayPal Phishing Scam Uses Invoices Sent Via PayPal
by Krebs, August 18, 2022
https://krebsonsecurity.com/2022/08/paypal-phishing-scam-uses-invoices-sent-via-paypal/
✓ As always, treat everything in your inbox as guilty until proven innocent, and if in doubt, delete it out.
Computer Security Check
Our talented computer coaches are available to work with you for security checks, password managers, browser privacy settings, and much more.
Click to learn more:
https://www.totaldigitalsecurity.com/computer-coaching-services