11/8/2023 0 Comments Paypal customer service live chat![]() "It can safely be assumed that the threat actor is gathering this information to convey legitimacy or to collect sufficient information for authentication," according to the Cofense report. The attacker initially attempts to get an email address and phone number from the victim. When a victim visits the fraudulent live chat, the threat actor utilizes automated scripts to start communication. A user familiar with PayPal may notice at this point that they are being taken to a domain outside of PayPal, while the legitimate PayPal live chat is hosted within the PayPal domain and requires that you log in to use it." ![]() It instead leads to a URL at directlcchat. The malicious email also contains a “Help & Contact” link as well as a “Learn to Identify Phishing” link, both leading to authentic PayPal links.īut, Geoghagan notes, "when hovering over the button labelled “Confirm Your Account,” it does not lead to a PayPal URL. Despite this, the threat actor made no attempts at masking the “from” address, which the PDC identified as one that’s not associated with legitimate PayPal emails," says Alex Geoghagan, security researcher at Cofense Phishing Defense Center. "This may rush the target into attempting to have the problem resolved quickly. The subject line notes that the email is trying to initiate a live chat to discuss a service notice related to the target’s PayPal account. ![]() The researchers found that the campaign not only creates a typical “forms” page or spoofed logins, but also uses a carefully crafted email that appears to be legitimate unless a recipient dives into the headers and links. Researchers at the Cofense Phishing Defense Center says they "observed a phish using a rather unorthodox tactic of acquiring PayPal credentials." The attackers' unusual techniques point to the need for organizations to ramp up defenses against these types of attacks, which eventually could target employees' credentials. See Also: Defending Against the Rising Tide of Fraud: Resilience Strategies for Businesses In a new phishing scam that leverages the PayPal brand, attackers are using automated scripts and live chat as a way of compromising devices and bypassing secure email gateways. Sample of malicious email disguised as coming from PayPal (Source: Cofense)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |