
New Phishing Method Exploits PayPal's Money Request Feature

A new phishing technique is targeting PayPal users. It bypasses security checks, making it hard for mailbox providers to spot fake emails. Companies must act now to protect their users.


A new phishing method has been discovered that exploits PayPal's money request feature. The company allegedly behind this discovery is ESET. The technique bypasses email authentication checks and deceives users, making it difficult for mailbox providers to distinguish legitimate emails from phishing emails.

The scammer registered a free Microsoft 365 test domain to carry out the attack. They then used Microsoft's Sender Rewriting Scheme (SRS) to bypass email authentication checks. A distribution list containing the targeted email addresses was created, and an email was sent with a URL and sender address that passed PayPal's security checks. If recipients logged into their PayPal account via the provided link, the scammers gained access. Because the method uses a legitimate PayPal money request, the message appears genuine, which makes it hard for mailbox providers to identify the phishing attempt.

To defend against such threats, employee education and the implementation of data loss prevention (DLP) rules are recommended. Additionally, advanced AI techniques can help spot hidden interaction patterns and detect phishing attempts.
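The traits described above (a genuine PayPal sender address, an SRS-rewritten envelope sender on an unrelated domain, and delivery through a distribution list) can be checked from message headers. The following is an added example, not code from the original article or from any vendor. It assumes the watched-domain list and that SRS-rewritten envelope senders carry an `SRS=` token in the local part; all sample messages and addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: brand domains whose mail should arrive directly, not via a third party.
WATCHED_DOMAINS = {"paypal.com"}
# Assumption: SRS-rewritten envelope senders contain "SRS=" (or "SRS0=") in the local part.
SRS_TOKEN = re.compile(r"(^|\+)SRS\d?=", re.IGNORECASE)

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def under(domain, parent):
    return domain == parent or domain.endswith("." + parent)

def relay_indicators(raw_message, mailbox_owner):
    """List signs that a watched-brand message was re-sent through another tenant."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    brand = next((d for d in WATCHED_DOMAINS if under(from_dom, d)), None)
    if brand is None:
        return []  # not a watched sender, nothing to evaluate
    hits = []
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    if SRS_TOKEN.search(return_path.rpartition("@")[0]):
        hits.append("srs_rewritten_envelope_sender")
    rp_dom = domain_of(return_path)
    if rp_dom and not under(rp_dom, brand):
        hits.append("envelope_domain_mismatch:" + rp_dom)
    listed = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(listed)}
    if mailbox_owner.lower() not in recipients:
        hits.append("owner_not_in_to_or_cc")  # typical of list or forwarded delivery
    return hits

# Constructed sample: money request re-sent via a distribution list in another tenant.
RELAYED = (
    "Return-Path: <bounces+SRS=abc12=XY@example-tenant.onmicrosoft.com>\n"
    "From: service@paypal.com\n"
    "To: billing-list@example-tenant.onmicrosoft.com\n"
    "Subject: Money request\n\nbody\n"
)
# Constructed sample: the same kind of message delivered directly to the mailbox owner.
DIRECT = (
    "Return-Path: <bounce@mail.paypal.com>\n"
    "From: service@paypal.com\n"
    "To: alice@example.org\n"
    "Subject: Money request\n\nbody\n"
)
```

Any single indicator also occurs in benign forwarding, so a mail-flow rule would reasonably act only when several appear together on a watched sender.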

The new phishing method exploiting PayPal's money request function is a cause for concern. It bypasses security checks and deceives users, making it difficult to distinguish legitimate emails from phishing emails. To protect against this threat, companies should focus on employee education, implement DLP rules, and consider using advanced AI techniques to detect phishing attempts.
