[BlindTlk] FW: [tech-vi Announce List] Watch out for this triple-pronged PayPal phishing and fraud scam

Mark Tardif markspark at roadrunner.com
Sat Dec 3 18:01:44 UTC 2022


Unfortunately, I saw that same fraudulent email on Monday, November 28, and 
it sure looked legitimate.  I actually made the mistake of actually calling 
that phone number, dummy that I am.  I got suspicious and hung up, not 
giving them any personal information.  I called my bank, and they were 
familiar with this fraud, but no money lost.  Close call, however.  I would 
agree, pay attention.  Thank you.



Mark Tardif
Nuclear arms will not hold you.
-----Original Message----- 
From: Justin Williams via BlindTlk
Sent: Saturday, December 03, 2022 12:00 PM
To: 'Blind Talk Mailing List'
Cc: Justin Williams
Subject: [BlindTlk] FW: [tech-vi Announce List] Watch out for this 
triple-pronged PayPal phishing and fraud scam







From: tech-vi at groups.io [mailto:tech-vi at groups.io] On Behalf Of David 
Goldfield
Sent: Saturday, December 3, 2022 8:55 AM
To: List <tech-vi at groups.io>
Subject: [tech-vi Announce List] Watch out for this triple-pronged PayPal 
phishing and fraud scam



Latest blogs for ZDNET - Friday, December 2, 2022 at 2:03 PM


Watch out for this triple-pronged PayPal phishing and fraud scam




My day started rough.

It was 7 a.m., and I was just partially through my first cup of coffee, when 
I noticed a new message in my email inbox.

It was from PayPal and the subject line said, "You've got a money request."

And so began my first look at this three-pronged PayPal phishing scam.


The ask



David Gewirtz/ZDNET

There's nobody I know who would ask me for money through PayPal and 
reasonably expect to get it, especially without telling me ahead of time 
that they were invoicing me for something. I started to investigate the 
money request in my Gmail box.

In Gmail, you can right-click on the message sender before opening the 
message, in order to see the full email address.


The message was from PayPal, so I felt safe enough opening it. Once inside 
the message, I again looked at the sender, and it was still PayPal. The body 
of the message claimed to be from one Susan Bowman. Here, take a look at the 
message.


The mistaken "fraudulently" instead of "fraudulent" is one sign there. But 
the sentence that caught my attention was "You will be charged $699. 99 
today." Interestingly, there was a space between the period after $699 and 
the 99. Odd punctuation and spelling are often indicators of a scam message.


Another part of the message said, "Please call us as soon as possible at 
toll free number [REDACTED]. to cancel and claim a refund." There was a 
period after the phone number, right in the middle of the sentence. Another 
important thing to note was that the idea of the message was to get me to 
call a number that I was supposed to think was PayPal, to stop the $699.99 
from being sent out. Urgency is another common element of phishing scams.

The bottom of the message had a Pay Now button, and a PayPal transaction ID. 
I do a lot of coding using the PayPal API. It did, indeed, look like what a 
PayPal transaction ID normally looks like. As it turns out, it was an actual 
transaction ID that had been created in the actual PayPal system. More about 
that in a minute.



Reaching out to PayPal


Rather than do anything with the message itself, I went to PayPal directly. 
I pointed my browser to PayPal.com <https://paypal.com>  and, after 
verifying my identity with two-factor authentication, logged in.

I scrolled down on the page, and there was, in fact, recent activity from 
Susan Bowman. The screenshot below shows the transaction as canceled, but 
when I first logged in, the activity item was listed as pending.


I clicked on the Help button at the top of the screen and scrolled down 
until I found the Contact Us option. I clicked on that, and after the usual 
hoop jumping, found myself talking to an agent in the company's fraud 
operation.


I explained the situation. The agent knew exactly what I was calling about, 
and assured me that no money had been sent out. I was also guided through 
how to cancel this transaction.


If you click into a requested money transaction, there are two buttons that 
you can choose from. One is Send Money and the other is Cancel. 
Unfortunately, I didn't capture a screenshot before I canceled. I was much 
more focused (remember, I was still on my first cuppa coffee) on canceling 
the transaction.

I clicked the Cancel button and the transaction was terminated. No money was 
lost. Then, I had a little chat with the PayPal agent and learned some 
things…


Anatomy of a three-pronged fraud attempt


This was a three-pronged fraud attempt, in that the attackers had three 
different ways to win.

As I suspected, and the agent confirmed, I was probably not personally 
targeted. Instead, my email address was one of thousands thrown against the 
wall to see what would stick.

While the email address used for this account wasn't one of my most actively 
used accounts, my email addresses have been all over the Internet for 
decades, so they're undoubtedly available to attackers.


Anyone can ask someone for money through PayPal. All they need to do is feed 
an email address into the PayPal interface and request money. It's a big 
part of what PayPal does, and it's a service that provides a lot of 
legitimate value to a lot of people.

Once that email address is fed in, PayPal does most of the work. This makes 
it pretty ideal for phishing attackers.

There are three ways this attack works:

Prong No. 1: Pay out through PayPal: The first prong of the attack was the 
request for $699.99. While it's fairly unlikely that anyone who gets hit 
with this attack will click "Send Money," all it takes is one or two people 
doing that to make the entire attack worthwhile from the scammer's 
perspective. Don't pay enough attention, click the wrong button, and whoosh! 
Money gone.

Prong No. 2: Pay out by dialing the digits: The PayPal agent told me that 
the second prong of the attack that often also provides value to the 
scammers is the phone number they ask you to call.

Depending on the scammer, the number itself may be billable. It's called a
"one-ring phone scam"
<https://www.fcc.gov/consumers/guides/one-ring-phone-scam> and it works by
spoofing numbers, possibly connecting you to an international number where
you're charged merely for connecting to the number.

Prong No. 3: Pay out by giving away too much personal info: The big score, I 
was told by the PayPal agent, is actually the third prong of the attack. 
That's when somebody gets the email and calls the number they think is 
PayPal to prevent the payment.

It's at this point that the scammers, pretending to be PayPal's fraud 
department, start asking questions, and by the time they're done, they've 
separated their victims from a treasure trove of personal identifying 
information, which can fuel additional attacks into the future and can even 
be sold to other scammers and criminals.


How to protect yourself


My biggest piece of advice is simple: Pay attention. Don't go through your 
day just mindlessly clicking to get through your email. Be present and 
notice things.

Next, follow my advice about protecting yourself from credit card fraud 
<https://www.zdnet.com/finance/credit-cards/the-single-best-way-to-protect-yourself-against-credit-card-fraud/> 
and check your bank accounts and credit cards every week. Keep an active eye 
on your finances and you'll be able to spot fraud attempts before it becomes 
too late to fix them.

As for PayPal, understand that PayPal will never send payment without your 
explicit OK. The one exception to this is if you sign up for a subscription 
or a recurring donation. But even then, PayPal won't begin the process of 
sending money unless you have explicitly approved it.

Don't click on links in suspicious email messages. Don't call numbers that 
you can't verify independently. Make sure your accounts all have two-factor 
authentication.

Always update your operating system and browser when prompted. That will 
help prevent zero-day attacks from taking hold of your machine.

And, finally, back up your devices. Follow my advice and institute a 3-2-1
backup strategy
<https://www.cnet.com/tech/computing/backups-act-like-your-business-depends-on-them/>.
That way, if you are hit by malware or some other attack, you can recover
more quickly.

Good luck. Stay safe. Let us know if you have any other safety tips in the 
comments below.

  _____

You can follow my day-to-day project updates on social media. Be sure to
follow me on Twitter at @DavidGewirtz <https://twitter.com/davidgewirtz>,
on Facebook at Facebook.com/DavidGewirtz
<https://www.facebook.com/davidgewirtz>, on Instagram at
Instagram.com/DavidGewirtz <https://www.instagram.com/DavidGewirtz/>, and
on YouTube at YouTube.com/DavidGewirtzTV
<https://www.youtube.com/user/DavidGewirtzTV>.

https://www.zdnet.com/article/watch-out-for-this-triple-pronged-paypal-phishing-and-fraud-scam/#ftag=RSSbaffb68



     David Goldfield

Assistive Technology Specialist



Feel free to visit my Web site

WWW.DavidGoldfield.info <http://WWW.DavidGoldfield.info>





More information about the BlindTlk mailing list
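
In the forwarded article the money request really was sent by PayPal, so a sender check passes and the only tells are in the requester's note. The Python sketch below is an added example, not code from the article, PayPal or this list; the sender address, phone number and indicator names are constructed, and the two quoted sentences from the article are reused as sample input.

```python
import re
from email.utils import parseaddr

# Loose North American phone pattern (assumption: good enough for triage).
PHONE = r"\+?1?[\s\-.(]*\d{3}[\s\-.)]*\d{3}[\s\-.]*\d{4}"

# Tells the article points out in the requester's note (names are hypothetical).
INDICATORS = {
    # "Please call us ... at toll free number <number>"
    "callback_number": re.compile(
        rf"\b(?:call|dial|contact)\b[^.!?\n]{{0,80}}?{PHONE}", re.I),
    # "as soon as possible", "today": manufactured urgency
    "urgency": re.compile(
        r"\b(?:as soon as possible|immediately|within \d+ hours?|today)\b", re.I),
    # "$699. 99": a space splitting the amount
    "split_amount": re.compile(r"\$\d[\d,]*\.\s+\d{2}\b"),
    # a period after the phone number, with the sentence carrying on in lower case
    "period_mid_sentence": re.compile(rf"{PHONE}\.\s+[a-z]"),
    # "to cancel and claim a refund"
    "refund_or_cancel_lure": re.compile(r"\b(?:cancel|refund|dispute)\b", re.I),
}

def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the From header's address."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def triage(from_header: str, note: str) -> dict:
    """Score a money-request note; the sender check alone is not a verdict."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(note))
    return {
        "sender_ok": sender_domain(from_header) == "paypal.com",
        "hits": hits,
        # Prongs 2 and 3 both depend on the phone call, so require the
        # callback number plus at least two other tells.
        "callback_phish": "callback_number" in hits and len(hits) >= 3,
    }

# Constructed samples: article's quoted sentences with a fictional 555 number.
FROM = "PayPal <sender@paypal.com>"  # constructed placeholder address
SCAM_NOTE = ("You will be charged $699. 99 today. Please call us as soon as "
             "possible at toll free number 1-800-555-0100. to cancel and "
             "claim a refund.")
BENIGN_NOTE = "Hi, here is the request for my share of dinner, $42.50. Thanks!"

if __name__ == "__main__":
    for note in (SCAM_NOTE, BENIGN_NOTE):
        print(triage(FROM, note))
```

Both samples pass the sender check; only the note content separates them.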