PayPal scams are nothing new. What is new is that cybercriminals have started using legitimate PayPal services to perpetrate those cyberattacks. In July 2016, cybercriminals sent legitimate PayPal emails to PayPal members in an effort to scam them out of $100 USD as well as infect their computers with malware.
To carry out the scam, cybercriminals either created new PayPal accounts or hacked into existing ones. They then took advantage of a PayPal feature that is designed to let members request money from one another. To use this feature, the person requesting the money fills out a form that includes an area where they can enter a message.
In this case, the cybercriminals wrote that they were requesting a refund because $100 had been fraudulently sent from their PayPal accounts to the victims’ accounts. The cybercriminals included a goo.gl URL that supposedly linked to documents showing the fraudulent transaction and an incident report sent to PayPal. In reality, the URL sent the victims to a website that placed a malicious script, which was disguised as a JPEG file, on the victims’ computers. Victims who opened this file had their computers infected with two types of malware:
It did not take long for researchers to discover the scam and for PayPal to stop it. Because the cybercriminals used the Google URL Shortener service to turn the malicious link into a goo.gl URL, the click-through rate could be tracked. Fortunately, only 27 people clicked the link.
Even though there were only a few victims, this scam has much broader implications: You can no longer assume that an email is safe just because the email address in the "From" field is legitimate. You need to carefully review all your emails, looking for signs that they might be a scam. For example, you should be suspicious of unexpected emails that ask for money or information. This is especially true if the emails try to create a sense of urgency (i.e., there will be unfortunate consequences if you do not take action quickly). Other clues include shortened or deceptive URLs, misspellings, and grammatical errors.
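The clues listed above can be checked mechanically. The following is an added example, not part of the original article: it scores a message on its content alone, so a legitimate "From" address does not clear it. The shortener hosts other than goo.gl, the phrase lists, the `triage` function and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# goo.gl is the shortener named in the article; the other hosts are assumed additions.
SHORTENERS = {"goo.gl", "bit.ly", "tinyurl.com", "t.co"}
# Assumed phrase lists standing in for the "asks for money" and "urgency" clues.
MONEY = re.compile(r"\b(refund|requested? money|send money|payment)\b", re.I)
URGENCY = re.compile(r"\b(immediately|urgent(ly)?|right away|as soon as possible)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def body_text(msg):
    """Concatenate every text/plain part, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_email, trusted_domains=("paypal.com",)):
    """Score a message on its content, independent of who sent it."""
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    trusted = any(domain == d or domain.endswith("." + d) for d in trusted_domains)
    text = body_text(msg)
    hosts = [(urlparse(u).hostname or "").lower() for u in URL.findall(text)]
    short = [h for h in hosts if h in SHORTENERS]
    money = bool(MONEY.search(text))
    urgent = bool(URGENCY.search(text))
    clues = ["shortened URL: " + h for h in short]
    clues += ["asks for money"] if money else []
    clues += ["urgency"] if urgent else []
    # A trusted sender never clears a message: the verdict uses content only.
    suspicious = bool(short) and (money or urgent)
    return {"sender_trusted": trusted, "clues": clues, "suspicious": suspicious}

# Constructed sample modelled on the money-request email the article describes.
SAMPLE = """From: PayPal <service@paypal.com>
Subject: Money request

Note from requester: $100 was fraudulently sent from my account to yours.
Please refund it immediately. Documents: https://goo.gl/EXAMPLE
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```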
This PayPal attack is evidence that cybercrime is constantly evolving. Keeping abreast of cybercriminals’ newest tricks is important but difficult to do on your own. Your best bet is to rely on your IT service provider. They can keep you informed as well as help you protect your business against new and existing threats.
About CHIPS Computer Services
CHIPS Computer Services is an award-winning Managed Services Provider specializing in helping businesses increase efficiencies and profits by leveraging properly managed technology. To learn how CHIPS can help your business, email us at firstname.lastname@example.org to schedule a no-cost business assessment.