[BlindTlk] FW: [tech-vi Announce List] Watch out for this triple-pronged PayPal phishing and fraud scam
Mark Tardif
markspark at roadrunner.com
Sat Dec 3 18:01:44 UTC 2022
Unfortunately, I saw that same fraudulent email on Monday, November 28, and
it sure looked legitimate. I actually made the mistake of actually calling
that phone number, dummy that I am. I got suspicious and hung up, not
giving them any personal information. I called my bank, and they were
familiar with this fraud, but no money lost. Close call, however. I would
agree, pay attention. Thank you.
Mark Tardif
Nuclear arms will not hold you.
-----Original Message-----
From: Justin Williams via BlindTlk
Sent: Saturday, December 03, 2022 12:00 PM
To: 'Blind Talk Mailing List'
Cc: Justin Williams
Subject: [BlindTlk] FW: [tech-vi Announce List] Watch out for this
triple-pronged PayPal phishing and fraud scam
From: tech-vi at groups.io [mailto:tech-vi at groups.io] On Behalf Of David
Goldfield
Sent: Saturday, December 3, 2022 8:55 AM
To: List <tech-vi at groups.io>
Subject: [tech-vi Announce List] Watch out for this triple-pronged PayPal
phishing and fraud scam
Latest blogs for ZDNET - Friday, December 2, 2022 at 2:03 PM
Watch out for this triple-pronged PayPal phishing and fraud scam
My day started rough.
It was 7 a.m., and I was just partially through my first cup of coffee, when
I noticed a new message in my email inbox.
It was from PayPal and the subject line said, "You've got a money request."
And so began my first look at this three-pronged PayPal phishing scam.
The ask
<https://www.zdnet.com/article/watch-out-for-this-triple-pronged-paypal-phishing-and-fraud-scam/>
David Gewirtz/ZDNET
There's nobody I know who would ask me for money through PayPal and
reasonably expect to get it, especially without telling me ahead of time
that they were invoicing me for something. I started to investigate the
money request in my Gmail box.
In Gmail, you can right-click on the message sender before opening the
message, in order to see the full email address.
The message was from PayPal, so I felt safe enough opening it. Once inside
the message, I again looked at the sender, and it was still PayPal. The body
of the message claimed to be from one Susan Bowman. Here, take a look at the
message.
The mistaken "fraudulently" instead of "fraudulent" is one sign there. But
the sentence that caught my attention was "You will be charged $699. 99
today." Interestingly, there was a space between the period after $699 and
the 99. Odd punctuation and spelling are often indicators of a scam message.
Another part of the message said, "Please call us as soon as possible at
toll free number [REDACTED]. to cancel and claim a refund." There was a
period after the phone number, right in the middle of the sentence. Another
important thing to note was that the idea of the message was to get me to
call a number that I was supposed to think was PayPal, to stop the $699.99
from being sent out. Urgency is another common element of phishing scams.
The bottom of the message had a Pay Now button, and a PayPal transaction ID.
I do a lot of coding using the PayPal API. It did, indeed, look like what a
PayPal transaction ID normally looks like. As it turns out, it was an actual
transaction ID that had been created in the actual PayPal system. More about
that in a minute.
Reaching out to PayPal
Rather than do anything with the message itself, I went to PayPal directly.
I pointed my browser to PayPal.com <https://paypal.com> and, after
verifying my identity with two-factor authentication, logged in.
I scrolled down on the page, and there was, in fact, recent activity from
Susan Bowman. The screenshot below shows the transaction as canceled, but
when I first logged in, the activity item was listed as pending.
I clicked on the Help button at the top of the screen and scrolled down
until I found the Contact Us option. I clicked on that, and after the usual
hoop jumping, found myself talking to an agent in the company's fraud
operation.
I explained the situation. The agent knew exactly what I was calling about,
and assured me that no money had been sent out. I was also guided through
how to cancel this transaction.
If you click into a requested money transaction, there are two buttons that
you can choose from. One is Send Money and the other is Cancel.
Unfortunately, I didn't capture a screenshot before I canceled. I was much
more focused (remember, I was still on my first cuppa coffee) on canceling
the transaction.
I clicked the Cancel button and the transaction was terminated. No money was
lost. Then, I had a little chat with the PayPal agent and learned some
things…
Anatomy of a three-pronged fraud attempt
This was a three-pronged fraud attempt, in that the attackers had three
different ways to win.
As I suspected, and the agent confirmed, I was probably not personally
targeted. Instead, my email address was one of thousands thrown against the
wall to see what would stick.
While the email address used for this account wasn't one of my most actively
used accounts, my email addresses have been all over the Internet for
decades, so they're undoubtedly available to attackers.
Anyone can ask someone for money through PayPal. All they need to do is feed
an email address into the PayPal interface and request money. It's a big
part of what PayPal does, and it's a service that provides a lot of
legitimate value to a lot of people.
Once that email address is fed in, PayPal does most of the work. This makes
it pretty ideal for phishing attackers.
There are three ways this attack works:
Prong No. 1: Pay out through PayPal: The first prong of the attack was the
request for $699.99. While it's fairly unlikely that anyone who gets hit
with this attack will click "Send Money," all it takes is one or two people
doing that to make the entire attack worthwhile from the scammer's
perspective. Don't pay enough attention, click the wrong button, and whoosh!
Money gone.
Prong No. 2: Pay out by dialing the digits: The PayPal agent told me that
the second prong of the attack that often also provides value to the
scammers is the phone number they ask you to call.
Depending on the scammer, the number itself may be billable. It's called a
"one-ring phone scam" <https://www.fcc.gov/consumers/guides/one-ring-phone-scam>
and it works by spoofing numbers, possibly connecting you to an international
number where you're charged merely for connecting to the number.
Prong No. 3: Pay out by giving away too much personal info: The big score, I
was told by the PayPal agent, is actually the third prong of the attack.
That's when somebody gets the email and calls the number they think is
PayPal to prevent the payment.
It's at this point that the scammers, pretending to be PayPal's fraud
department, start asking questions, and by the time they're done, they've
separated their victims from a treasure trove of personal identifying
information, which can fuel additional attacks into the future and can even
be sold to other scammers and criminals.
How to protect yourself
My biggest piece of advice is simple: Pay attention. Don't go through your
day just mindlessly clicking to get through your email. Be present and
notice things.
Next, follow my advice about protecting yourself from credit card fraud
<https://www.zdnet.com/finance/credit-cards/the-single-best-way-to-protect-yourself-against-credit-card-fraud/>
and check your bank accounts and credit cards every week. Keep an active eye
on your finances and you'll be able to spot fraud attempts before it becomes
too late to fix them.
As for PayPal, understand that PayPal will never send payment without your
explicit OK. The one exception to this is if you sign up for a subscription
or a recurring donation. But even then, PayPal won't begin the process of
sending money unless you have explicitly approved it.
Don't click on links in suspicious email messages. Don't call numbers that
you can't verify independently. Make sure your accounts all have two-factor
authentication.
Always update your operating system and browser when prompted. That will
help prevent zero-day attacks from taking hold of your machine.
And, finally, back up your devices. Follow my advice and institute a 3-2-1
backup strategy
<https://www.cnet.com/tech/computing/backups-act-like-your-business-depends-on-them/>.
That way, if you are hit by malware or some other attack, you can recover
more quickly.
Good luck. Stay safe. Let us know if you have any other safety tips in the
comments below.
https://www.zdnet.com/article/watch-out-for-this-triple-pronged-paypal-phishing-and-fraud-scam/#ftag=RSSbaffb68
David Goldfield
Assistive Technology Specialist
Feel free to visit my Web site
WWW.DavidGoldfield.info <http://WWW.DavidGoldfield.info>
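An added example, not part of the original messages or the ZDNET article: because the money request really is sent by PayPal, sender checks pass, so a mail filter has to look at the requester-written note for the signs the article lists (a callback phone number, cancel/refund urgency, odd punctuation). The trusted-domain set, the function name and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"paypal.com"}  # assumption: senders the mail filter already trusts

PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
CALLBACK = re.compile(
    r"\b(call us|toll[- ]free|as soon as possible|to cancel|claim a refund)\b", re.I)
SPLIT_AMOUNT = re.compile(r"\$\d+\.\s+\d{2}\b")  # "$699. 99"
STRAY_PERIOD = re.compile(r"\d\.\s+[a-z]")       # period after digits, mid-sentence

# Constructed samples (addresses, names and the 555-01xx number are fictional).
SCAM = """\
From: PayPal <service@paypal.com>
Subject: You've got a money request

Susan Bowman sent you a money request.
Note: You will be charged $699. 99 today. Please call us as soon as
possible at toll free number +1 (800) 555-0100. to cancel and claim
a refund.
"""
BENIGN = """\
From: PayPal <service@paypal.com>
Subject: You've got a money request

Alex Example sent you a money request.
Note: Invoice 1042 for design work. Total $120.00, thanks!
"""

def assess_money_request(raw: str) -> dict:
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = " ".join(msg.get_payload().split())  # undo line wrapping
    signals = {
        "callback_number": bool(PHONE.search(body)),
        "callback_language": len({m.lower() for m in CALLBACK.findall(body)}) >= 2,
        "odd_punctuation": bool(SPLIT_AMOUNT.search(body) or STRAY_PERIOD.search(body)),
    }
    # A trusted sender is reported but never clears the message: the note
    # text is written by whoever created the request, not by the service.
    suspicious = signals["callback_number"] and (
        signals["callback_language"] or signals["odd_punctuation"])
    return {"sender_trusted": domain in TRUSTED_DOMAINS,
            "signals": signals, "suspicious": suspicious}

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("benign", BENIGN)):
        print(name, assess_money_request(raw))
```
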