- Scammers are abusing PayPal’s Subscriptions feature to inject phishing messages into legitimate PayPal emails.
- A manipulated customer service URL and a Google Workspace forwarding list spread the fake notices widely.
- PayPal says it is mitigating the issue and urges users to treat unexpected subscription emails with caution.
Scammers use PayPal’s “Subscriptions” feature to send convincing phishing emails and trick users into providing access to their accounts on the platform.
Subscriptions are a feature that allows businesses to automatically charge customers on a regular schedule. Customers sign up once and accept recurring payments, which PayPal automatically processes.
When a business cancels a customer's subscription, that customer receives an email notification sent directly from PayPal's servers; because it is genuinely from PayPal, it passes most email security scans.
Abusing mailing lists
So how do scammers abuse this feature?
As BleepingComputer explains, the email includes a customer service URL that the criminals somehow managed to modify to carry the phishing message. At this time it is unknown how they achieved this; there is speculation that they are abusing a flaw in the way PayPal handles subscription metadata, or that they are using a legacy API or platform.
The message contains phishing content that we are accustomed to seeing in these scams: it warns recipients that they have purchased an expensive item and that if they wish to cancel the order, they should call PayPal at the phone number provided in the message.
However, this still does not answer the question of how the victims received this message if they never subscribed to the company in question.
Apparently the original email is sent to a single address, “[email protected]”. Researchers believe this is a Google Workspace mailing list that automatically forwards the email to all other members of the group, who in this case are the victims.
“This forwarding may cause all subsequent SPF and DMARC checks to fail, as the email was forwarded by a server that was not the original sender,” the report says.
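As an added illustration of the signals described above (this is example code, not from the article, BleepingComputer or PayPal), the check below inspects a constructed message for the three traits of this campaign: SPF and DMARC failing after a forwarding hop, a mailbox that is not in the To: header, and a "call this number to cancel" lure. All addresses, hosts and the phone number are placeholders.

```python
import re
from email import message_from_string
from email.message import Message

# Constructed sample: a notice delivered to a mailbox that does not appear in
# its To: header, with authentication results as a forwarding hop would leave
# them. Addresses, hosts and the phone number are placeholders, not real IoCs.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=paypal.com; dkim=pass header.d=paypal.com; dmarc=fail header.from=paypal.com
Delivered-To: victim@example.net
From: service@paypal.com
To: billing@group.example
Subject: Your subscription has been cancelled
Content-Type: text/plain

Your order of 499.99 USD has been processed. If you did not make this
purchase call PayPal at +1-555-0100 to cancel the order.
"""

PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
LURE_RE = re.compile(r"\b(purchased?|order|charged?)\b.*?\b(call|phone)\b", re.I | re.S)


def auth_results(msg: Message) -> dict:
    """Parse the first Authentication-Results header into {method: result}."""
    results = {}
    # The first ';'-separated field is the authserv-id, so skip it.
    for part in msg.get("Authentication-Results", "").split(";")[1:]:
        token = part.split()[0] if part.strip() else ""
        if "=" in token:
            method, result = token.split("=", 1)
            results[method] = result
    return results


def forwarded_lure_indicators(raw: str) -> list:
    """Return the indicators that make this message look like a forwarded lure."""
    msg = message_from_string(raw)
    indicators = []
    auth = auth_results(msg)
    # A list relay is not an authorised sender for the From: domain, so SPF and
    # DMARC fail even though the content originated from the real service.
    if auth.get("spf") == "fail" and auth.get("dmarc") == "fail":
        indicators.append("spf_dmarc_fail_after_forward")
    delivered = msg.get("Delivered-To", "").lower()
    if delivered and delivered not in msg.get("To", "").lower():
        indicators.append("recipient_not_in_to_header")
    body = msg.get_payload(decode=True).decode(errors="replace")
    if LURE_RE.search(body) and PHONE_RE.search(body):
        indicators.append("callback_phone_lure")
    return indicators
```

A mail filter would typically quarantine or tag a message only when the first two indicators coincide with the third, since forwarded-but-legitimate mail also trips the authentication checks.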
PayPal was notified of the abuse and confirmed that it is currently working on a fix:
“PayPal does not tolerate fraudulent activity and we work hard to protect our customers from ever-evolving phishing scams,” PayPal told BleepingComputer.
“We are actively mitigating this issue and encourage people to always be alert online and on the lookout for unexpected messages. If customers suspect they are the target of a scam, we encourage them to contact Customer Support directly through the PayPal app or our contact page for assistance.”