A sophisticated phishing campaign targeting PayPal\u2019s massive user base has emerged, utilizing deceptive \u201cSet up your account profile\u201d emails to compromise user accounts through an ingenious secondary user addition scheme.<\/p>\n
The attack leverages advanced email spoofing techniques and psychological manipulation tactics to bypass traditional security awareness measures, representing a significant evolution in financial fraud methodologies<\/a>.<\/p>\n The scam operates through carefully crafted emails that appear to originate from legitimate PayPal addresses such as service@paypal.com and service@paypal.co.uk.<\/p>\n However, threat actors employ address spoofing techniques that exploit inherent weaknesses in email authentication protocols.<\/p>\n The attackers configure their email clients to display fraudulent sender addresses, taking advantage of the fact that most email systems lack stringent verification mechanisms for \u201cFrom\u201d field authenticity.<\/p>\n Recipients receive messages claiming detection of a new payment profile with charges of $910.45 USD at Kraken.com, a legitimate cryptocurrency trading<\/a> platform.<\/p>\n The emails feature authentic PayPal branding and layout elements, likely extracted from genuine PayPal communications.<\/p>\n Malwarebytes analysts noted<\/a> several critical red flags within these messages, including unusual recipient addresses utilizing compromised domains with \u201c.test-google-a.com\u201d extensions, subject lines misaligned with email content, and absence of personalized greetings that legitimate PayPal communications always include.<\/p>\n The campaign\u2019s most insidious element involves redirecting victims to authentic PayPal infrastructure rather than traditional phishing sites.<\/p>\n When users click the embedded links, they unwittingly initiate PayPal\u2019s legitimate secondary user addition process instead of the expected profile setup or payment dispute resolution.<\/p>\n This technique represents a paradigm shift from conventional phishing<\/a> approaches, as it exploits PayPal\u2019s own functionality to achieve malicious objectives.<\/p>\n The secondary user addition process grants extensive account privileges, including payment authorization capabilities.<\/p>\n Once successfully added as a secondary user, threat actors gain sufficient access to drain victims\u2019 PayPal balances and conduct unauthorized transactions.<\/p>\n This approach bypasses many traditional anti-phishing measures since the destination URLs resolve to legitimate PayPal domains, making detection significantly more challenging for both automated security systems and end users.<\/p>\n The campaign has reportedly operated for over a month, targeting PayPal\u2019s 434 million active users through databases of email addresses associated with PayPal accounts or previous PayPal interactions.<\/p>\n The post Threat Actors Attack PayPal Users in New Account Profile Set up Scam<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEitrzbHKgiH3x9oSHbk0Oh7pqFK9JdQcso6qDmMw3HPHnn3Z_lwMvdX8KNNw328_i3kwDBs4Ixa0lPgQwvI45s8T-sZQaD1FGG6GTU-ctaoWN4RHcU4BwcgFIBXTjBhzf9Qyl_u7cNgscJqN_6LqL5mDIDFeFYta8Gjvk69NrRQfzKfoizZG0Pr6nyQMkw\/s16000\/Fake%2520email%2520%28Source%2520-%2520Malwarebytes%29.webp?ssl=1\")
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEik5a7kiGu96BF9HK8poZlkvzvN3qPG6oJToOMVCVO-x-TabYeC85Jth4862kHVEndZ8ilMnXVSfg7Fcypvf9aFp0wkSx1qgZsFX3mes5jA0ZThMxbXy20leHd7hmVBQI6FWgOqfnj-1MgKIw9a0ddpLpzgaiUiLZ04KyK4R60FQIGaYEECawZEdCXoR7k\/s16000\/Fake%2520email%2520body%2520%28Source%2520-%2520Malwarebytes%29.webp?ssl=1\")
Sophisticated Account Takeover Mechanism<\/h2>\n
Boost\u00a0your\u00a0SOC and help your team protect your business with free top-notch threat intelligence:\u00a0Request TI Lookup Premium Trial<\/a>.<\/code><\/strong><\/p>\n