"Phishing Campaign Uses Live Chat, Leverages PayPal Brand"
The PayPal brand is being leveraged in a new phishing scam. The attackers behind the scam are compromising devices and bypassing secure email gateways by using automated scripts and live chat. These unusual techniques emphasize the need for organizations to strengthen defenses against these types of attacks. Researchers at the Cofense Phishing Defense Center found that the campaign creates spoofed logins and uses a carefully crafted email that seems legitimate until the recipient looks at the headers and links. The subject line indicates that the malicious email is attempting to start a live chat to discuss a service notice related to the target's PayPal account. The email contains a "Help & Contact" link and a "Learn to Identify Phishing" link, both of which lead to authentic PayPal links. However, hovering over the "Confirm Your Account" button reveals that it does not lead to a PayPal URL. It instead leads to a fraudulent live chat where the threat actor then uses automated scripts to initiate communication. The attacker attempts to get the victim's email address and phone number through this communication. According to the Cofense report, the attacker may be trying to gather this information to appear legitimate or collect enough information for authentication. When the threat actor obtains the phone number and the email address, the attacker will then try to get the target's credit card information. In order to directly interact with the victim, the attacker will step in where the script fails. This article continues to discuss findings surrounding the new phishing campaign that leverages the PayPal brand.
BankInfoSecurity reports "Phishing Campaign Uses Live Chat, Leverages PayPal Brand"