Hackers are manipulating the email settings of the PayPal payment platform to send phishing emails to victims from a legitimate PayPal email address. The aim is to trick recipients into eventually downloading malware that can be used to loot bank accounts and more.
BleepingComputer writes that hackers can send phishing emails from the legitimate "service@paypal.com" address by manipulating the PayPal payment platform's email settings. Because the sending address is genuine, these emails often pass security and spam filters, and victims receive them in their inboxes like any other PayPal message.
Phishing process
In the emails, the hackers state that a new delivery address has been created for the recipient's PayPal account and that the recipient needs to confirm this. The message usually adds that an order, for example for a MacBook, has been placed for delivery to that address.
The email contains a phone number of a “PayPal help desk” that victims should call, if they have doubts about this and want to know more. Once called, victims are first placed in a queue before being helped by a ‘service employee.’
The “real service person” then tries to convince callers that certain software must be installed to get their accounts back and block the supposed transaction.
Ultimately, this software allows the hackers to potentially plunder bank accounts, add other malware or steal data from devices.
PayPal email manipulation process
The hackers can manipulate the PayPal email by creating a new shipping address themselves. PayPal sends them a confirmation of this. The hackers then forward this confirmation to the email address "bill_complete1@zodu.onmicrosoft.com" of a Microsoft 365 account they control.
This account acts as a mailing list that automatically forwards every email it receives to all other group members, in this case, the email addresses of potential victims.
BleepingComputer notes that PayPal's emails can be manipulated because the payment platform does not limit the number of characters in the address fields. This lets the hackers inject their scam message into an otherwise legitimate notification.
Possible solutions
This latest discovery indicates that PayPal should reduce the number of possible characters in an email, for example, to 50, to solve this problem.
In addition, whenever anyone receives an email about a new shipping address, they should first check their PayPal account to see if one has actually been added. If not, the email can be immediately discarded or blocked as spam.
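As an added illustration (not code from the article, BleepingComputer or PayPal), the following Python script triages a PayPal address notification the way the two sections above suggest: it checks whether a genuine service@paypal.com message reached the mailbox via a mailing list rather than being addressed to its owner, whether the address text exceeds the 50-character limit proposed above, and whether a phone number has been embedded in the address. The sample message, its addresses and phone number are constructed placeholders, and the 50-character threshold is an assumption taken from the suggestion in the text.

```python
import re
from email import message_from_string
from email.utils import parseaddr, getaddresses

# Constructed sample: a PayPal "new address" notification relayed through a
# mailing-list mailbox, with scam text and a phone number injected into the
# address field. All addresses and numbers here are placeholders, not real IoCs.
SAMPLE = """From: PayPal <service@paypal.com>
To: list-placeholder@example.onmicrosoft.com
Subject: You added a new address
Content-Type: text/plain

You added a new address to your PayPal account:
123 Example St, Springfield. CONFIRMED: Order MacBook Pro $1,899.00. If you did
not make this purchase call PayPal support at +1 (555) 010-0199 within 24 hours

Thanks, PayPal
"""

PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")  # loose phone-number pattern
MAX_ADDRESS_CHARS = 50  # assumed limit, as suggested in the text above


def address_block(body: str) -> str:
    """Return the address text that follows the 'new address' line, up to a blank line."""
    lines = body.splitlines()
    for i, line in enumerate(lines):
        if "new address" in line.lower():
            block = []
            for nxt in lines[i + 1:]:
                if not nxt.strip():
                    break
                block.append(nxt.strip())
            return " ".join(block)
    return ""


def assess(raw: str, mailbox_owner: str) -> dict:
    """Score one raw RFC 822 message for the indicators described in the article."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    addr_text = address_block(msg.get_payload())
    findings = {
        "paypal_sender": sender == "service@paypal.com",
        # Relay via a group: the mailbox owner is not a named recipient.
        "relayed_via_list": bool(recipients) and mailbox_owner.lower() not in recipients,
        "address_too_long": len(addr_text) > MAX_ADDRESS_CHARS,
        "phone_in_address": bool(PHONE_RE.search(addr_text)),
    }
    findings["suspicious"] = findings["paypal_sender"] and any(
        findings[k] for k in ("relayed_via_list", "address_too_long", "phone_in_address"))
    return findings
```

A flagged message is a cue to check the PayPal account directly for a newly added address, as the text advises, rather than to call any number in the email.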
PayPal itself has not yet responded to the discovered phishing technique.