"PayPal Used to Send Malicious “Double Spear” Invoices"

Security experts at Avanan warn users not to fall for a new threat campaign using PayPal to send out phishing invoices.  PayPal domains are usually “allow-listed” by organizations’ email filters.  So cybercriminals are registering accounts and composing malicious invoices on the platform.  The researchers stated that the cybercriminals spoof the Norton brand but add their own contact details to the invoice requesting payment.  This is done in an attempt to get a double pay-out from the attack.  The researchers stated that the tricked users might call the number, only to be put through to a malicious call center operative who will then attempt to harvest their details, including phone number, and persuade them to pay up.  Avanan calls this approach a “double spear,” forcing payment and stealing user information that can be used in future attacks.  The researchers noted that cybercriminals using PayPal and QuickBooks are particularly clever since they are often used for business invoices.  The researchers are recommending users always do an internet search before calling any number in an unsolicited email/invoice to see if it’s legitimate.  Users should also be encouraged to treat such emails with skepticism.  The researchers noted that advanced security tools are essential as they will use multi-layered techniques to check whether an email is legitimate.

Infosecurity reports: "PayPal Used to Send Malicious “Double Spear” Invoices"