By Davey Winder, Senior Contributor.

It has been less than a week since I reported an ongoing attack involving fake PayPal invoices, about which the online money giant itself warned users, “do not pay, do not phone.” Now, a similar, but not quite as convincing, new attack using fake PayPal invoices has been confirmed by security experts. Here’s everything you need to know.

Previously, I reported how cybercriminals were using a variation of what is known as a TOAD attack to target PayPal users with fake invoices. “You receive an email from a real PayPal email address,” security analysts at KnowBe4 warned, which “contains an invoice for a large purchase you did not make, and a phone number for you to call if you want to dispute the charge.” Such Telephone-Oriented Attack Delivery threats almost always contain a PDF document of some kind, such as the invoice in this case, along with urgency and fear-of-financial-loss messaging. What made this one rather more sophisticated than most such scams was that the attackers were sending the invoices from a genuine PayPal account email. “The email you receive is real,” KnowBe4 said, “but the invoice is not, and if you call the phone number in the email, you will not be connected to PayPal's support team,” but rather a fraudster after anything from your credit card details, PayPal account credentials or just a good old-fashioned cash payment.