PayPal Users Warned ‘Do Not Pay, Do Not Phone’ As Attackers Strike

From Forbes: Gmail users have been warned of a surge in image-based attacks, TikTok users are facing a VIP upgrade offer threat, and LastPass has urged users not to change their master passwords as a “you’ve been hacked” email circulates. Now, security experts at KnowBe4 have issued a warning for PayPal users as cybercriminals use a genuine PayPal email address to send an invoice. PayPal itself has responded to this attack with a ‘do not pay, do not phone’ warning. Here’s everything you need to know about the latest scam that could prove costly if you don’t follow the advice given.

The latest PayPal attack warning dropped into my email from the folks at KnowBe4 this week, informing me to be aware of a scam that purports to be from PayPal and is even delivered from a genuine PayPal email address. “You receive an email from a real PayPal email address,” the email warned, which “contains an invoice for a large purchase you did not make, and a phone number for you to call if you want to dispute the charge.”

This may well sound familiar, not least as this type of TOAD attack is something I have detailed before. A Telephone-Oriented Attack Delivery threat usually contains a PDF invoice or other seemingly official document, along with messaging that uses urgency and fear of financial loss to persuade victims to call an adversary-controlled phone number.
