Threat actors have been compromising PayPal accounts in a new phishing scheme that exploits notifications coming from the genuine [email protected] email address, SC Media reports.
Carl Windsor, chief information security officer at Fortinet, said malicious payment request emails sent to addresses different from the recipient's address include a link that redirects to the real PayPal site and allows account takeovers because of the email's "to" field originating from an onmicrosoft.com subdomain that includes the threat actors' email distribution list.
"The beauty of this attack is that it doesn't use traditional phishing methods," wrote Windsor. "The email, the URLs, and everything else are perfectly valid. Instead, the best solution is the Human Firewall — someone who has been trained to be aware and cautious of any unsolicited email, regardless of how genuine it may look."
This latest PayPal news comes months after a phishing scam that exploited the email notification system of GitHub.
