
Spammers switch tactics by asking recipients to call toll-free numbers in PayPal phishing campaign

Alina BÎZGĂ

September 14, 2022


PayPal scams come in all shapes and sizes, from email-based social engineering schemes to bogus posts and websites that try to trick customers into providing personal data, money and login information.

According to Bitdefender Antispam Lab, PayPal phishing emails are common, with antispam filtering technology flagging bogus correspondence impersonating the online payment system every month.

While most fraudulent correspondence is based on recycled email templates or texts, cyber crooks sometimes go off course to maximize profits and sneak past email filtering software or users’ phishing awareness and knowledge.

On Monday, Bitdefender Labs detected a new phishing campaign targeting PayPal users worldwide. The scam notification email is sent through PayPal's official system (service@paypal.com), allowing threat actors to generate and edit various invoices to trick unsuspecting users. By sending an official-looking invoice via compromised or free PayPal business accounts, scammers have endless opportunities to defraud consumers.

In one sample, the attackers tell recipients they have been charged $637 for security software from a well-known provider that is about to be delivered to a different email recipient.

The embedded link takes users to a PayPal webpage containing the invoice details and warns of suspicious activity on their account.

“There is evidence that your PayPal account has been accessed unlawfully,” the message reads. “Above amount has been debited to your account for the [redacted] Software Purchase.”

In this scam, the cybercrooks were crafty enough to avoid conventional phishing tactics such as links or malicious attachments. Instead, in most samples, they ask email users to call a fake toll-free phone number.

Other variations include purchases of Walmart gift cards worth $620 and purchases of digital currencies, including Tether and Cardano.

Fraudulent phone numbers included in the correspondence include:

  • +1 (888) 870-2819
  • +1 (888) 870-3695
  • +1 (888) 870-4318
  • +1 (888) 870-4319
  • +1 (888) 870-5014
  • +1 (888) 870-5293
  • +1 (479) 343-9751
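
Because these invoices really are sent from service@paypal.com, a sender check passes and the verdict has to come from the message body. The sketch below is an added example, not Bitdefender's filter: it assumes a text/plain body and an Authentication-Results header stamped by your own mail gateway, the sample message is constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Numbers listed in this article, normalised to 11 digits (country code 1).
REPORTED = {"18888702819", "18888703695", "18888704318", "18888704319",
            "18888705014", "18888705293", "14793439751"}
# Lure phrases quoted in the article's samples.
LURES = ("accessed unlawfully", "has been debited", "automatically deducted")
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]*)?\(?(\d{3})\)?[\s.-]*(\d{3})[\s.-]*(\d{4})(?!\d)")

# Constructed sample message (not a captured email).
SAMPLE = """\
From: "PayPal" <service@paypal.com>
To: user@example.com
Subject: Invoice from Billing Dept
Authentication-Results: mx.example.com; dkim=pass header.d=paypal.com

Seller note: There is evidence that your PayPal account has been accessed
unlawfully. Above amount has been debited to your account.
Call +1 (888) 870-2819 to cancel.
"""

def extract_numbers(text):
    """Return North American numbers found in text as 11-digit strings."""
    return {"1" + "".join(m.groups()) for m in PHONE_RE.finditer(text)}

def triage(raw):
    """Flag invoices from the genuine sender that push the reader to a phone call."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(msg["From"] or "")[1].lower()
    # Assumption: this header was added by a gateway you control.
    auth_ok = "dkim=pass" in (msg["Authentication-Results"] or "").lower()
    part = msg.get_body(preferencelist=("plain",))
    # Collapse whitespace so phrases split across lines still match.
    text = " ".join(part.get_content().split()).lower() if part else ""
    numbers = extract_numbers(text)
    genuine = sender == "service@paypal.com" and auth_ok
    lures = [p for p in LURES if p in text]
    return {
        "genuine_sender": genuine,
        "numbers": sorted(numbers),
        "reported_hits": sorted(numbers & REPORTED),
        "lures": lures,
        # Genuine sender + callback number + lure text is this campaign's shape.
        "callback_phish": genuine and bool(numbers) and bool(lures),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A hit in `reported_hits` is a match on a known number; `callback_phish` also catches numbers that have not been reported yet, so treat it as a triage signal rather than a block rule.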

How to protect your data and money

Cybercrooks will do anything in their power to convince you that the correspondence you are reading is legitimate. To guard against a phishing attack, use your common sense and:

  • Head to your PayPal account to check for any new purchases and review your invoices or statements for suspicious activity before calling any numbers listed in the contact section of the message, even if they are toll-free numbers.

The scammers behind this attack have deliberately mentioned that the “transaction will appear in the automatically deducted amount on PayPal activity after 24 hours” to throw you off their trail.

  • Never provide sensitive data, including credit card details, personally identifiable information or login credentials, via phone or other contact methods, and never download remote access software to "fix" the issue.
  • Notify the company of any misuse and suspicious activity via spoof@paypal.com or contact PayPal customer service via the official webpage.

Ever wonder how spammers got your email address or phone number? Use Bitdefender Digital Identity Protection to find out if your personal information has been leaked online or has been part of a data breach to protect against identity theft, account takeover attacks and other privacy risks.

Bitdefender Digital Identity Protection continuously monitors your personal information, alerting you in real time in case of data breaches and leaks. This lets you immediately change your passwords and secure your accounts to prevent financial loss or even social media impersonation, which can ruin your reputation.

Managing your digital footprint has never been easier. With our dedicated privacy tool, you can:

  • Discover the extent of your digital footprint
  • Find out if your personal information has been exposed in legal and illegal collections of data
  • Benefit from 24/7 data breach monitoring for up to five email addresses
  • Get instant alerts to new breaches and privacy threats
  • Detect social media impersonators
