Navigation section

Indicators of a Phishing/Social Engineering Email #2 - Fake PayPal

Neemobeer

Neemobeer

Cloud Security Engineer
Staff member
Joined
Jul 4, 2015
Messages
9,000
Here is another real phishing email. This one purporting to be from PayPal.

Lets dig in...
(Orange) we have typos and grammatical errors
(1) Again we have a weird email address from @paypap-us.com. This is highly unlikely owned by PayPal.
(2) This email is probably BCC'd to a bunch of users. Most official communications will go directly to you
(3) Here is a hook/social engineering tactic. Trying to instill panic with a sense of urgency
(4) In this case there is no greeting or mention of me the customer (No greeting or generic ones are red flags)
(5/6) There are two issues account activity and a bank alert (Sorry, your bank would notify you of fraudulent CC or account usage)
(7) The whole email is an image that is also a clickable link
1669417772197.png


The link
jetsend.com is a real emailing service with tracking capabilities. The threat actor can determine if you clicked his link. These services will also kick off additional redirects to the attack landing page most likely.
1669418115115.png


Looks like it redirects to a google doc
1669418300454.png


Another redirect to the end page. Looks like the attackers account has already been taken down
1669418374331.png
 

Solution
Neemobeer
In the newer versions of Outlook I believe it will give you the option to report it which sends it to Microsoft to help improve their detection
Sort by date Sort by votes
the main one doing the rounds in Australia is a fake toll payment one telling people they owe $2-12 dollars for a toll cam and asking them to click the link and put their bank payment details in

the reason it works so well is Australias total lack of understanding with internet security at even the highest levels
 

Upvote 0 Downvote
Phishing attacks are very popular because they have a very high success rate in general. 75-85% of Cyber crime will leverage phishing as part of their tactics. 60% on average are successful
 

Upvote 0 Downvote
back in the day the same people used to sell snakeoil potions... its a sign of the times i guess ;)
 

Upvote 0 Downvote
An option in MS Outlook is to reporting an email as 'fishing'. Any idea what happens than? It looks to me that they are blocked.
 

Last edited:
Upvote 0 Downvote
In the newer versions of Outlook I believe it will give you the option to report it which sends it to Microsoft to help improve their detection
 

Upvote 1 Downvote
Solution
it flags the email on your account... i beleave Microsoft then blocks that address to your account yes but they don't do anything else about it i.e, it doesn't then get blocked for someone else on a Microsoft email

its possible a high count of flags against a email will then take some other action but i have not tested it eg if 20 people flag the same email address it may get more than just blocked for them
 

Upvote 0 Downvote
Neemobeer said:
Here is another real phishing email. This one purporting to be from PayPal.

Lets dig in...
(Orange) we have typos and grammatical errors
(1) Again we have a weird email address from @paypap-us.com. This is highly unlikely owned by PayPal.
(2) This email is probably BCC'd to a bunch of users. Most official communications will go directly to you
(3) Here is a hook/social engineering tactic. Trying to instill panic with a sense of urgency
(4) In this case there is no greeting or mention of me the customer (No greeting or generic ones are red flags)
(5/6) There are two issues account activity and a bank alert (Sorry, your bank would notify you of fraudulent CC or account usage)
(7) The whole email is an image that is also a clickable link
View attachment 40762


The link
jetsend.com is a real emailing service with tracking capabilities. The threat actor can determine if you clicked his link. If you suspect fraudulent activity, you can contact the PayPal phone number for assistance. These services will also kick off additional redirects to the attack landing page most likely.paypal phone number
View attachment 40764

Looks like it redirects to a google doc
View attachment 40765

Another redirect to the end page. Looks like the attackers account has already been taken down
View attachment 40766
Click to expand...
This is a phishing email pretending to be from PayPal. The email address "@paypap-us.com" is suspicious, as it doesn’t belong to PayPal. There are also no personalized greetings, which is a red flag. The email creates urgency, trying to make you panic and act quickly. Additionally, it uses an image with a clickable link, which is another tactic commonly used in phishing attempts to avoid spam filters. The link redirects to a service like jetsend.com, which tracks clicks and likely leads to a malicious site. Always avoid clicking links in such emails and verify with official channels.
 

Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

ChatGPT
  • Featured
  • Article Article
Sophisticated Phishing Scams Target Microsoft 365 Users: How to Protect Yourself
Replies
0
Views
533
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Protecting Your Organization from Sophisticated Phishing Attacks on Microsoft Dynamics 365
Replies
0
Views
68
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
How Google Phishing Attacks Exploit Trust Using OAuth and Google Sites
Replies
0
Views
157
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
How Hospitality Sector Faces Sophisticated Booking.com Phishing Campaigns
Replies
0
Views
73
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Evolving Microsoft Phishing Attacks: How Sophisticated Campaigns Bypass MFA and Cloud Security
Replies
0
Views
52
ChatGPT
ChatGPT
Back
Top