On this site we have spoken on countless occasions about phishing emails and SMS, always recommending that you check the address they come from before trusting their content. That recommendation does not help in the latest case involving PayPal, where cybercriminals are taking advantage of a loophole in PayPal's invoicing feature to send emails from an official PayPal address with the aim of stealing from you.

In recent weeks many users have received emails coming directly from PayPal, which allows the messages to bypass the usual email security controls. Those controls normally rely on the sender's domain to decide whether a message is on a fraud list or, on the contrary, is legitimate. When an email arrives from a legitimate domain it is given maximum confidence, which causes many people to fall for the deception.

A phishing campaign that comes from PayPal itself

Through PayPal, any user can send invoices and money requests to anyone, since all that is needed is the recipient's email address. This is precisely what the attackers do in this new campaign, which was detected by Avanan researchers in June 2022.

In this campaign the attackers first create a free PayPal account and then send invoices and money requests to random people. To make them look much more legitimate, the invoices are drawn up with the tax details of reputable companies, such as Norton.

From that moment, the victims receive an email saying they have an invoice pending payment, and it really does come from PayPal. When the domain is checked, it matches that of the payment platform perfectly, and the link leads to PayPal's own website, where the victim will most likely already be logged in.

The first thing you may notice is that the invoice includes a phone number to call and even a website. In either case you will be communicating directly with the attacker, and you may even be redirected to another branded website that looks completely legitimate.
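The article's point is that a sender-domain check alone cannot catch these invoices, because the sender really is PayPal. The following Python snippet is an added example, not code from the article or from PayPal or Avanan, showing the kind of content-based heuristic a mail filter or a cautious user could layer on top of the domain check: it flags phone numbers and non-PayPal links embedded in the invoice text and merchants the recipient has no relationship with. The sample notification, the trusted-domain set and the list of known merchants are all constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample of what a filter sees: the sender domain is genuine,
# so a pure domain allow-list would accept it. The phone number and the
# second link are placeholders, not real contact details.
SAMPLE_INVOICE_MAIL = {
    "from_domain": "paypal.com",
    "merchant_name": "Norton",
    "body": (
        "Invoice from Norton. Your annual subscription renewal failed. "
        "Call +1-555-0100 now to avoid suspension, or visit "
        "https://paypal.com/invoice/123 or https://support-renewal.example/confirm"
    ),
}

# Constructed: a second message that passes every heuristic.
CLEAN_INVOICE_MAIL = {
    "from_domain": "paypal.com",
    "merchant_name": "Netflix",
    "body": "Invoice from Netflix. View it at https://paypal.com/invoice/456",
}

TRUSTED_SENDER_DOMAINS = {"paypal.com"}
# Merchants this recipient actually pays through PayPal (constructed list).
KNOWN_MERCHANTS = {"netflix", "spotify"}

# Loose patterns: a run of 8+ digits/separators, and http(s) URLs.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def domain_check(mail):
    """The traditional check: is the sending domain on the trusted list?"""
    return mail["from_domain"] in TRUSTED_SENDER_DOMAINS


def content_flags(mail, known_merchants=KNOWN_MERCHANTS):
    """Heuristics that look at the invoice itself rather than the sender."""
    flags = []
    body = mail["body"]
    # A genuine platform invoice has no reason to push you to a phone line.
    if PHONE_RE.search(body):
        flags.append("phone_number_in_invoice")
    # Any link that leaves the platform's own domain is suspect.
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if host != "paypal.com" and not host.endswith(".paypal.com"):
            flags.append(f"external_link:{host}")
    # The article's main advice: no relationship, no invoice.
    if mail["merchant_name"].lower() not in known_merchants:
        flags.append("unknown_merchant")
    return flags


def classify(mail, known_merchants=KNOWN_MERCHANTS):
    """Combine both layers: reject unknown senders, hold flagged content for review."""
    flags = content_flags(mail, known_merchants)
    if not domain_check(mail):
        return "reject", flags + ["untrusted_sender"]
    return ("review" if flags else "allow"), flags


if __name__ == "__main__":
    for mail in (SAMPLE_INVOICE_MAIL, CLEAN_INVOICE_MAIL):
        verdict, reasons = classify(mail)
        print(f"{mail['merchant_name']}: {verdict} {reasons}")
```

Run as a script, the constructed Norton invoice is held for review even though its sender domain passes, while the Netflix invoice from a known merchant with only a PayPal link is allowed. The merchant list is the part a real deployment would need to maintain per recipient; the other two heuristics need no per-user state.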

In principle, simply viewing the alleged invoice or request does not commit you to anything. The problem comes when you authorize the payment, after which there is almost certainly no going back. If you have several subscriptions to online services such as Netflix, Spotify or Disney+, you may pay the amount thinking that your card failed and that this is why you were sent the invoice.

To avoid problems, it is really important to apply common sense. If you have no commercial relationship with a company, there is no reason for you to receive an invoice for its service; the same applies if the email does not arrive on the usual billing date of the services you pay for through PayPal.