PayPal Users Targeted by Sophisticated Phishing Scam Using Legitimate URLs

A sophisticated phishing campaign targeting PayPal users has been discovered by cybersecurity firm Fortinet, using legitimate links and URLs to gain unauthorized access to victims' accounts.

The scam employs deceptive emails that appear to be authentic PayPal notifications, complete with payment details and warnings. Unlike traditional phishing attempts, these emails use genuine PayPal sender addresses and legitimate URLs, allowing them to bypass standard security checks.

When users click the embedded link, they are directed to an actual PayPal login page showing a payment request. However, a victim who logs in while panicked by the request connects their PayPal account to the scammer's fake email address instead of their own real account.

The attackers leverage Microsoft 365 test domains, which are free for three months, to create distribution lists containing target email addresses. They then initiate money requests through PayPal's web portal using these distribution lists.

"The beauty of this attack is that it doesn't use traditional phishing methods. The email, the URLs, and everything else are perfectly valid," notes Fortinet in their report. The scheme is so sophisticated that it can evade PayPal's own phishing detection systems.
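Since sender authentication passes, one signal that remains is the recipient: a request sent to a distribution list carries the list address in its To header, not the address of the mailbox it lands in. The check below is an added example, not code from Fortinet or PayPal; the `.onmicrosoft.com` suffix for Microsoft 365 test domains, the `assess` function with its `mailbox_owner` parameter, and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: Microsoft 365 test tenants use addresses under this suffix.
TRIAL_SUFFIX = ".onmicrosoft.com"

def domain_of(address):
    return address.rpartition("@")[2].lower()

def assess(raw_message, mailbox_owner):
    """Return findings for one delivered message.

    mailbox_owner (hypothetical parameter) is the address of the mailbox
    the message was delivered to, as known to the gateway or mail client.
    """
    msg = message_from_string(raw_message)
    sender = domain_of(parseaddr(msg.get("From", ""))[1])
    if sender != "paypal.com" and not sender.endswith(".paypal.com"):
        return []  # only PayPal notifications are in scope for this check
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = [addr.lower() for _, addr in getaddresses(headers)]
    findings = []
    # The notification is addressed to someone other than the mailbox owner.
    if mailbox_owner.lower() not in recipients:
        findings.append("addressed-to-someone-else")
    # The named recipient sits on a test-tenant domain.
    if any(domain_of(a).endswith(TRIAL_SUFFIX) for a in recipients):
        findings.append("recipient-on-trial-tenant")
    return findings

def build(from_addr, to_addr):
    """Constructed sample message; not a captured email."""
    return "\n".join([
        f"From: PayPal <{from_addr}>",
        f"To: {to_addr}",
        "Subject: Payment request",
        # Authentication passes in every sample, as the article describes.
        "Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass",
        "",
        "You have a new payment request.",
    ])

VIA_LIST = build("service@paypal.com", "billing-dept@example-tenant.onmicrosoft.com")
DIRECT = build("service@paypal.com", "alice@example.org")

if __name__ == "__main__":
    for name, raw in (("via list", VIA_LIST), ("direct", DIRECT)):
        print(name, assess(raw, "alice@example.org"))
```

A finding here is a reason to review the request in the PayPal app or website directly, not proof of fraud, since forwarding rules and aliases can also cause a recipient mismatch.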

To protect against such attacks, users should:

  • Be wary of unexpected payment requests
  • Double-check email sender addresses
  • Avoid logging into accounts through email links
  • Contact PayPal directly if suspicious activity is noticed

The discovery highlights how cybercriminals continue to evolve their tactics, making it increasingly difficult to distinguish legitimate communications from fraudulent ones.