- Fraudsters abuse PayPal’s opt-in feature to insert phishing messages into legitimate PayPal emails.
- A tampered customer service URL and a Google Workspace redirect list spread the fake messages widely.
- PayPal says it is fixing the problem and urges users to treat unexpected registration messages with caution.
Fraudsters use PayPal’s “subscription” feature to send convincing phishing emails and trick users into revealing access to their accounts on the platform.
Subscriptions are a feature that allows businesses to bill their customers automatically and periodically. Customers sign up once and accept recurring payments, which PayPal processes automatically.
When someone unsubscribes from the company, that person receives an email, which comes directly from PayPal’s servers and therefore passes most email security scans.
Mailing List Abuse
How do fraudsters abuse this feature?
BeepTeam explains that the email contains a customer service URL that the scammers have somehow modified to carry the phishing text. It is currently unclear how they achieved this; there is speculation that they are exploiting a flaw in PayPal's handling of subscription metadata or using an outdated API or platform.
The message carries the phishing content familiar from these types of scams: it warns recipients that they have purchased an expensive item and that, if they wish to cancel the order, they must call PayPal at the phone number provided in the message.
However, this still does not answer the question of how victims received this message if they never signed up with the company in question.
Apparently the original email was sent to an address: “[email protected]”. Researchers believe this is a Google Workspace mailing list that automatically forwards the email to all other members of the group, who are victims in this case.
“This redirection may cause all subsequent SPF and DMARC checks to fail because the email was forwarded from a server that was not the original sender,” the statement said.
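To make the forwarding effect concrete, here is an added triage heuristic (written for this page, not code from BeepTeam, PayPal or the article) that flags the pattern described above on a single inbound message: a brand-signed email that fails SPF/DMARC on arrival, is addressed to a group rather than the mailbox owner, and contains a callback-phone lure. All headers, addresses and values in the sample are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a genuine-looking PayPal-signed notification relayed
# through a Workspace group. Every header value here is hypothetical.
SAMPLE = """\
Authentication-Results: mx.example.org; dkim=pass header.d=paypal.com; spf=fail smtp.mailfrom=paypal.com; dmarc=fail header.from=paypal.com
From: service@paypal.com
To: billing-group@example-list.test
Delivered-To: victim@example.org
Subject: You added a new address
Content-Type: text/plain

You have purchased a laptop for $649.99. To cancel the order call PayPal at 1-800-555-0199.
"""

PHONE_RE = re.compile(r"\b1?-?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b")
CALL_RE = re.compile(r"\b(call|phone)\b", re.I)
PRETEXT_RE = re.compile(r"\b(cancel|refund|dispute|unauthori[sz]ed)\b", re.I)


def parse_auth_results(hdr: str) -> dict:
    """Return {'dkim': 'pass', 'spf': 'fail', ...} from an Authentication-Results header."""
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(dkim|spf|dmarc)=(\w+)", hdr or "")}


def domain_of(addr_header: str) -> str:
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()


def triage(raw: str) -> list[str]:
    """Return the list of indicators found; empty means nothing suspicious."""
    msg = message_from_string(raw)
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    findings = []
    # DKIM from the brand passes, but SPF/DMARC fail: consistent with a re-forwarded message.
    if auth.get("dkim") == "pass" and "fail" in (auth.get("spf"), auth.get("dmarc")):
        findings.append("dkim-pass-but-spf/dmarc-fail (forwarded)")
    # To: names a group in another domain than the actual recipient: list fan-out.
    to_dom, rcpt_dom = domain_of(msg.get("To")), domain_of(msg.get("Delivered-To"))
    if to_dom and rcpt_dom and to_dom != rcpt_dom:
        findings.append("to-header-is-not-recipient (list fan-out)")
    # A phone number plus a "call us to cancel/refund" pretext is the callback lure.
    body = msg.get_payload(decode=True).decode(errors="replace")
    if PHONE_RE.search(body) and CALL_RE.search(body) and PRETEXT_RE.search(body):
        findings.append("callback-phone-lure")
    return findings
```

None of these signals alone is conclusive (legitimate group forwarding also breaks SPF), so the combination, not any single finding, is what should raise a ticket.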
PayPal has become aware of the abuse and has confirmed that it is currently working on a fix:
“PayPal does not tolerate fraudulent activity and we work hard to protect our customers from the ever-evolving phishing scams,” PayPal told BeepTeam.
“We are actively mitigating this issue and encourage people to always be vigilant online and be on the lookout for unexpected messages. If customers suspect they have been the victim of a scam, we encourage them to contact customer service directly through the PayPal app or our Contact Us page for assistance.”