The cybercriminals behind a new phishing campaign are impersonating PayPal by sending out fake order confirmations in an attempt to steal credit card information from unsuspecting users.
Back in November of last year, security researchers from the Check Point-owned email security firm Avanan spotted a similar campaign that spoofed Amazon. These attacks were successful because they used legitimate Amazon links and forced users to make a phone call to cancel their fake orders.
Now Avanan has discovered a similar phishing campaign that impersonates PayPal but once again has users call the attackers themselves in an attempt to cancel a cryptocurrency order placed on the payments platform. However, instead of cancelling the fake order, phone numbers are harvested for future attacks and a user’s banking information can also be stolen as well.
If you’ve received any suspicious emails from PayPal recently, this is what you need to know to avoid falling victim to this scam.
Using fake PayPal order confirmation emails as a lure
In this new phishing campaign, the attackers first send out what looks like a PayPal order confirmation informing potential victims that they purchased over $500 worth of Dogecoin. If they want to cancel the order, a customer support number is provided at the bottom of the email.
While calling the number may seem like the right thing to do, it actually isn’t as the cybercriminals behind this scheme can use your phone…
