Pirates have diverted a PayPal function and send emails by pretending to be technical support for the payment platform to have you install a malware and strip you.
In principle, going through a third -party payment system like Paypal guarantees never to exhibit your banking data (account number, IBAN, bank card number, etc.). And it is precisely this security that reassures users of this solution during their internet transactions. No wonder the payment platform is so popular! But this popularity makes it a target of choice for cybercriminals, who see it as a real gold mine of data asking only to be stolen. Also, users are regularly victims of phishing, cyber attacks and attempted scams. Besides, Bleeping Computer Snack the alarm with a scam by PayPal email, which operates the platform address parameters to send false purchase notifications, and thus encourage users to grant remote access to crooks.
Paypal scam: watch out for this fraudulent email
It all starts when phishing victims receive a Paypal email indicating: “You have added a new address. This is simply a quick confirmation that you have added an address in your Paypal account.” The electronic message contains the new address that would have been added to their Paypal account, as well as a purchase confirmation for a MacBook M4 followed by the mention “If you have not authorized this update, please contact Paypal at +1-888-668-2508”. In short, given the price of the equipment ordered, there is something to worry about! The victims take all the more seriously that the email is sent by the legitimate address of Paypal, “[email protected]”. However, after verification, no new address was added to their account. Some victims do not even have it!
In truth, it is a trap to bring the people referred to to call the telephone number of the “Paypal support” to contest the purchase. Once online, a recording is automatically distributed, indicating that the person has contacted PayPal customer service and that they must wait until a customer service agent is available. Obviously, it is actually a crook. He then tries to scare the victim by making him believe that his account was hacked and invites him to download software so that he can “help” him to block the fraudulent transaction and recover his account. To do this, the victim must go to a site of the type “pplassist[.]com “and enter a service code provided by the false employee of Paypal. Of course, it is a malware …
Paypal scam: a legitimate diverted message
To send this phishing email, cybercriminals have diverted the “new address” function of Paypal which allows, as its name suggests, to link additional electronic addresses to an account. They simply added the false message. To reach as many people as possible, they add a fraudulent email address to their account and then, from this same mailbox, then transmit this electronic message to all people on the broadcast list.
Therefore, if you ever receive a legitimate paypal email indicating that you have updated your address and that it contains a false purchase confirmation, ignore it and do not contact the indicated phone number. Better to connect directly to your PayPal account and confirm that no additional address has been added.