HackRead reports that a sophisticated phishing scam is exploiting PayPal's legitimate invoice system, even appearing with the coveted "blue tick" verification mark in users' inboxes. This attack bypasses traditional email security filters and aims to trick individuals into contacting fraudulent support numbers.Attackers create fraudulent PayPal business accounts and use the platform's "Money Request" or "Invoice" feature. Because PayPal itself sends the email, it passes authentication checks and earns the Brand Indicators for Message (BIMI) "blue tick." The scam is hidden in the "Note to Customer" section, which falsely claims an unauthorized charge and provides a fake support phone number. The email is often sent to obscure or group addresses to cause confusion. This is a callback phishing attack, where the provided phone number connects to scammers who attempt to gain remote access to computers or trick users into revealing financial information.This scam highlights a growing trend of attackers leveraging legitimate platforms for malicious purposes. The "blue tick" is no longer a foolproof indicator of legitimacy. Users are advised not to call numbers or click links in suspicious emails, but instead to access PayPal directly through its official website to verify any invoices or requests. Reporting such scams to PayPal is crucial for platform security.Source: HackRead
Phishing, Security Operations, Email security
PayPal invoice scam uses ‘blue tick’ to deceive users

(Photo by Justin Sullivan/Getty Images)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



