New PayPal Phishing Scam Bypasses Security Measures

Summary: A sophisticated new PayPal phishing tactic bypasses traditional phishing detection methods, as detailed by Fortinet’s CISO, Carl Windsor. The attack uses seemingly legitimate emails and URLs to trick users into linking their accounts to the attacker’s.

Threat Actor: Unknown | unknown
Victim: Individuals using PayPal | PayPal

Key Points:

  • The phishing email appears legitimate, with a valid sender address and genuine-looking URL.
  • Victims are redirected to a fake PayPal login page, where they unknowingly link their account to the attacker’s account.
  • The attack utilizes Microsoft 365’s free trial domains and the Sender Rewriting Scheme (SRS) to bypass traditional security checks.
  • Human vigilance is crucial, as traditional anti-phishing tools are ineffective against this innovative scheme.
  • Organizations must prioritize education to prepare their workforce for emerging threats.
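A triage check for the SRS point above, as an added example that is not from the original article or from Fortinet: it decodes an SRS-rewritten envelope sender and flags mail whose visible sender is genuine but which was re-sent through a Microsoft 365 tenant domain. The sample headers, the tenant name and the `triage` function are constructed for illustration, and treating `*.onmicrosoft.com` as the trial-tenant domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Microsoft 365 form: <local>+SRS=<hash>=<timestamp>=<orig domain>=<orig local>@<forwarder>
# Generic SRS form:   SRS0=<hash>=<timestamp>=<orig domain>=<orig local>@<forwarder>
SRS_RE = re.compile(
    r"^(?:[^@+]+\+SRS|SRS0)=[^=]+=[^=]+=(?P<domain>[^=@]+)=(?P<local>[^@]+)"
    r"@(?P<forwarder>[^@]+)$",
    re.IGNORECASE,
)

def triage(raw_message):
    """Return a verdict and the decoded SRS fields for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1].lower()
    match = SRS_RE.match(envelope_from)
    if not match:
        return {"verdict": "no-srs", "header_from": header_from}
    forwarder = match.group("forwarder")
    original = f"{match.group('local')}@{match.group('domain')}"
    from_domain = header_from.rpartition("@")[2]
    # Assumption: trial tenants send from their default *.onmicrosoft.com domain.
    via_tenant = forwarder.endswith(".onmicrosoft.com")
    # The visible sender is genuine, but an unrelated domain re-sent the message.
    relayed_brand = from_domain == match.group("domain") and from_domain != forwarder
    verdict = "review" if via_tenant and relayed_brand else "srs-forwarded"
    return {"verdict": verdict, "header_from": header_from,
            "original_sender": original, "forwarder": forwarder}

# Constructed sample headers (not taken from a real message).
SAMPLE_RELAYED = (
    "Return-Path: <bounces+SRS=a1b2c=XY=paypal.com=service@exampletenant.onmicrosoft.com>\n"
    "From: service@paypal.com\n"
    "Subject: Notification\n\nbody\n"
)
SAMPLE_DIRECT = (
    "Return-Path: <service@paypal.com>\n"
    "From: service@paypal.com\n"
    "Subject: Notification\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("relayed", SAMPLE_RELAYED), ("direct", SAMPLE_DIRECT)):
        print(name, triage(raw))
```

A "review" verdict is a prompt for a human look at the message, not proof of phishing, since legitimate auto-forwarding produces the same rewrite.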

Source: https://securityonline.info/new-paypal-phishing-scam-bypasses-security-measures/