KnowBe4 warns of new PayPal invoice phishing scam

Security awareness firm KnowBe4 has issued a warning about a new PayPal-themed phishing scam that uses real PayPal email addresses to trick victims into handing over sensitive financial information.

 

The scam begins when victims receive an email from a legitimate PayPal domain containing an invoice for a large purchase they never made. The message also includes a phone number to call if the recipient wants to dispute the charge.

 

However, while the email may appear authentic, the invoice is fake. Cybercriminals are creating genuine PayPal accounts and using them to send these fraudulent invoices. If the victim calls the listed number, they are connected not to PayPal but to a fraudster posing as a support representative, who will attempt to extract credit card details or pressure the victim into paying a bogus “account fee.”

 

Javvad Malik, Lead CISO Advisor at KnowBe4, explained that the scam exploits people’s trust in familiar brands and their tendency to react quickly to unexpected charges.

 

“Even though the email may come from a real PayPal address, this is a clever social engineering trick designed to create panic,” Malik said. “Cybercriminals know that if they can get you to act before you think, they can manipulate you into giving away information or money.”

 

To stay safe from this and similar scams, Malik advises users to:

  • Never call phone numbers listed in suspicious emails.
  • If you receive an unexpected invoice, log in directly to PayPal via the official website or app to verify its authenticity.
  • Be cautious of any unexpected bills or urgent requests for money—even if the email appears genuine.

The post KnowBe4 warns of new PayPal invoice phishing scam appeared first on IT Security Guru.
