Indicators of a Phishing/Social Engineering Email #2 - Fake PayPal

Neemobeer

Cloud Security Engineer
Staff member
Here is another real phishing email, this one purporting to be from PayPal.

Let's dig in...
(Orange) We have typos and grammatical errors.
(1) Again we have a weird email address from @paypap-us.com. This is highly unlikely to be owned by PayPal.
(2) This email is probably BCC'd to a bunch of users. Most official communications will go directly to you.
(3) Here is a hook/social engineering tactic: trying to instill panic with a sense of urgency.
(4) In this case there is no greeting or mention of me, the customer (no greeting or generic ones are red flags).
(5/6) There are two issues: account activity and a bank alert (sorry, your bank would notify you of fraudulent CC or account usage).
(7) The whole email is an image that is also a clickable link.


The link
jetsend.com is a real emailing service with tracking capabilities. The threat actor can determine if you clicked his link. These services will most likely also kick off additional redirects to the attack landing page.


Looks like it redirects to a Google Doc.


Another redirect to the end page. Looks like the attacker's account has already been taken down.
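Several of the indicators listed in the post above can be checked mechanically on a raw message. The following is an added example, not part of the original post; the sample message, the `BRAND_DOMAINS` allow-list, the urgency word list and the 20-character text threshold are all assumptions.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

SAMPLE = """\
From: "PayPal" <service@paypap-us.com>
To: undisclosed-recipients:;
Subject: Urgent: your account will be limited within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://tracker.example/c/1"><img src="notice.png"></a></body></html>
"""  # constructed sample modelled on the post's indicators, not the real message

BRAND_DOMAINS = {"paypal": (".paypal.com",)}  # assumption: domain suffixes accepted per brand
URGENCY = re.compile(r"\b(urgent|immediately|suspended|limited)\b", re.I)  # assumed word list

class BodyShape(HTMLParser):  # counts visible text and images that sit inside an <a>
    link_depth = linked_imgs = text_len = 0
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.link_depth += 1
        elif tag == "img" and self.link_depth:
            self.linked_imgs += 1
    def handle_endtag(self, tag):
        if tag == "a" and self.link_depth:
            self.link_depth -= 1
    def handle_data(self, data):
        self.text_len += len(data.strip())

def phishing_indicators(raw, recipient):
    msg = message_from_string(raw, policy=policy.default)
    found = []
    sender = msg["From"].addresses[0]
    dotted = "." + sender.domain.lower()  # leading dot: subdomains match, lookalikes do not
    for brand, suffixes in BRAND_DOMAINS.items():  # (1) brand name on an unrelated domain
        if brand in sender.display_name.lower() and not dotted.endswith(suffixes):
            found.append("sender-domain-mismatch")
    visible = [a.addr_spec.lower() for h in ("To", "Cc") if msg[h] for a in msg[h].addresses]
    if recipient.lower() not in visible:  # (2) recipient was probably BCC'd
        found.append("recipient-not-in-to-or-cc")
    if URGENCY.search(msg["Subject"] or ""):  # (3) urgency hook
        found.append("urgency-language")
    body = msg.get_body(preferencelist=("html",))
    shape = BodyShape()
    shape.feed(body.get_content() if body else "")
    shape.close()  # flush any text still buffered by the parser
    if shape.linked_imgs and shape.text_len < 20:  # (4)/(7) no greeting, one clickable image
        found.append("image-only-clickable-body")
    return found
```

Each check is a heuristic on its own (mailing lists legitimately omit you from To/Cc, for instance), so the count of indicators that fire together is more useful than any single one.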
 
The main one doing the rounds in Australia is a fake toll payment one telling people they owe $2-12 dollars for a toll cam and asking them to click the link and put their bank payment details in.

The reason it works so well is Australia's total lack of understanding with internet security at even the highest levels.
 
Phishing attacks are very popular because they have a very high success rate in general. 75-85% of cybercrime will leverage phishing as part of its tactics. 60% on average are successful.
 
Back in the day the same people used to sell snake oil potions... it's a sign of the times I guess ;)
 
An option in MS Outlook is to report an email as 'phishing'. Any idea what happens then? It looks to me that they are blocked.
 
In the newer versions of Outlook, I believe it will give you the option to report it, which sends it to Microsoft to help improve their detection.
 
It flags the email on your account... I believe Microsoft then blocks that address to your account, yes, but they don't do anything else about it, i.e., it doesn't then get blocked for someone else on a Microsoft email.

It's possible a high count of flags against an email will then take some other action, but I have not tested it, e.g. if 20 people flag the same email address it may get more than just blocked for them.
 