New PayPal Phishing Scam using “Billing Department of PayPal” as seller name
On Tuesday, scammers are using invoices sent through PayPal to trick recipients into calling a number to dispute a pending charge.
Recently KrebsOnSecurity heard from a reader who received an email from PayPal that he immediately suspected was phony. The subject read, “Billing Department of PayPal updated your invoice.”
While the phishing message attached to the invoice looks unusual, many aspects of this hybrid scam are convincing. For starters, all of the links in the email lead to PayPal. Hovering over the “View and Pay Invoice” button shows that it points to a link at PayPal, and clicking that link brings up an active invoice at paypal.com, KrebsOnSecurity reports.
The email headers in the phishing message show that it passes all email validation checks as being sent by PayPal and that it was sent via an Internet address associated with PayPal.
The message reads, “There is evidence that your PayPal account has been accessed unlawfully. $600.00 has been debited to your account for the Walmart Gift Card purchase. This transaction will appear in the automatically deducted amount on PayPal activity after 24 hours. If you suspect you did not make this transaction, immediately contact us at the toll-free number +1 (888) 865-0443 or visit the PayPal Support Center area for assistance. Our Service Hours: (06:00 a.m to 06:00 p.m. Pacific Time, Monday through Friday).”
The reader who shared this phishing email claims that he logged into his PayPal account and could not find any signs of the invoice in question.
A call to the toll-free number listed in the invoice was answered by a man who identified himself only as generic “customer service,” rather than trying to spoof PayPal or Walmart.
Early in the conversation, he suggested visiting a site called globalquicksupport[.]com to download a remote administration tool.
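Because the invoice described above passes email validation and links only to PayPal, a mail filter has to judge it on content instead. The following is an added example, not code from KrebsOnSecurity or PayPal; the sample message, the `Seller:`/`Note:` body layout, the keyword lists and the function name `analyze` are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample modelled on the invoice described above; the phone
# number, invoice URL path and receiving host are placeholders.
SAMPLE = """\
From: service@paypal.com
Subject: Billing Department of PayPal updated your invoice
Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain

Seller: Billing Department of PayPal
Note: $600.00 has been debited to your account. If you did not make this
transaction, immediately contact us at the toll-free number +1 (888) 555-0100.
View and Pay Invoice: https://www.paypal.com/invoice/p/EXAMPLE
"""

PHONE = re.compile(r"\(?\b\d{3}\)?[\s.-]?\d{3}[\s.-]\d{4}\b")
URL = re.compile(r"https?://[^\s\"'<>]+")
SELLER_BRAND = re.compile(r"^Seller:.*\b(paypal|billing|support)\b", re.I | re.M)
URGENCY = re.compile(r"unlawfully|debited|immediately|did not make this", re.I)

def analyze(raw: str) -> dict:
    msg = message_from_string(raw)
    body = msg.get_payload()
    auth = msg.get("Authentication-Results", "").lower()
    hosts = {urlparse(u).hostname or "" for u in URL.findall(body)}
    # Checks the scam is built to pass: sender authentication and link targets.
    sender_checks_pass = (
        all(f"{m}=pass" in auth for m in ("spf", "dkim", "dmarc"))
        and bool(hosts)
        and all(h == "paypal.com" or h.endswith(".paypal.com") for h in hosts)
    )
    # Content signals that remain visible when the sending platform is legitimate.
    signals = {
        "phone_in_body": bool(PHONE.search(body)),
        "seller_impersonates_brand": bool(SELLER_BRAND.search(body)),
        "urgency_language": bool(URGENCY.search(body)),
    }
    suspect = signals["phone_in_body"] and (
        signals["seller_impersonates_brand"] or signals["urgency_language"])
    return {"sender_checks_pass": sender_checks_pass, "signals": signals,
            "callback_phishing_suspect": suspect}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

For the constructed sample, `sender_checks_pass` is true and the message is still flagged, which is why a callback number inside an invoice note deserves its own rule.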