Replica brands

Hackers use PayPal accounts to spoof popular brands and create fake invoices

The PayPal logo is seen at its headquarters on February 2, 2022 in San Jose, California. (Photo by Justin Sullivan/Getty Images)

Researchers discovered on Thursday another way for hackers to gain access to users’ inboxes: creating fake invoices in PayPal and using the site’s legitimacy to land there.

In a blog post, Avanan researchers said that starting in June this year, they saw hackers using PayPal to send malicious invoices and request payments.

Here’s what they do: The hackers send the email from PayPal’s domain, using a free PayPal account they signed up for, with the body of the email impersonating brands like Norton. Hackers then exploit legitimate and popular websites to gain access to inboxes and steal credentials and money.
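A defender-side triage rule for the pattern described above, as an added example that is not from the article or from Avanan: it flags mail that genuinely authenticates as PayPal yet carries an invoice naming another brand. The brand list, the invoice keywords, and the assumption that the Authentication-Results header was stamped by your own mail gateway are illustrative choices.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PLATFORM = "paypal.com"       # platform whose genuine mail is abused (from the page)
WATCHED_BRANDS = ("norton",)  # assumption: extend with brands your users deal with
INVOICE_WORDS = re.compile(r"\b(invoice|payment request|amount due)\b", re.I)

def sender_domain(msg):
    """Lower-cased domain of the From: address."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def dkim_pass_for(msg, domain):
    """True if Authentication-Results records dkim=pass for domain or a subdomain.
    Assumption: the header was added by your own gateway, not by the sender."""
    pat = re.compile(r"dkim=pass\b[^;]*header\.d=(?:[\w-]+\.)*"
                     + re.escape(domain) + r"(?![\w.-])", re.I)
    return any(pat.search(v) for v in msg.get_all("Authentication-Results", []))

def body_text(msg):
    """Concatenate every text/plain part, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    """Return 'review' when authenticated platform mail invoices for another brand."""
    msg = message_from_string(raw_message)
    dom = sender_domain(msg)
    from_platform = (dom == PLATFORM or dom.endswith("." + PLATFORM)) \
        and dkim_pass_for(msg, PLATFORM)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    brands = [b for b in WATCHED_BRANDS
              if re.search(r"\b" + re.escape(b) + r"\b", text, re.I)]
    hit = from_platform and bool(INVOICE_WORDS.search(text)) and bool(brands)
    return {"verdict": "review" if hit else "pass", "brands": brands}

SAMPLE = (  # constructed message for illustration, not taken from the campaign
    "From: service@paypal.com\n"
    "Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com\n"
    "Subject: Invoice from Billing Team\n\n"
    "Your Norton subscription renewed. Amount due: $499.00\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "review" verdict here means the message deserves a second look precisely because sender authentication succeeded; mail that fails DKIM is left to the gateway's ordinary spoofing controls.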

Clearly, Avanan has reported a class of phishing attacks that is very difficult to counter with typical technology tools, said Patrick Tiquet, vice president of security and architecture at Keeper Security. Tiquet said preventing this type of attack really comes down to training and awareness.

“Users need to be informed that this type of attack exists and how to recognize it,” Tiquet said. “It’s the only way to prevent this, short of filtering and analyzing all emails that appear to be an invoice. Security awareness training, to be truly effective, must be continually updated to ensure that users are aware of the latest threats.”

Patrick Harr, managing director of SlashNext, said companies need to include social engineering scams like these in phishing training programs. Harr said the modern hybrid workforce uses personal technology (bring your own device, or BYOD), and mobile in particular, since most companies don’t have all employees on managed devices.

“Enterprises need a BYOD strategy that includes cross-channel phishing and malware protection to protect social, gaming, and all messaging apps,” Harr said. “Training should include social engineering scams to demonstrate how personal interactions, such as social media interactions, can impact their professional life.”