Avanan, a company owned by Check Point Software Technologies, has discovered a PayPal Impersonation Scam to obtain the phone number and bank details of the victims.
This security solutions provider has announced that these fraudulent attacks share similarities with those registered a few months ago with another well-known brand such as Amazon.
In this threat, cybercriminals send an apparently legitimate PayPal order confirmation, instructing users who have bought more than 500 dollars in cryptocurrency based on blockchain DogeCoin.
To cancel the order, users have the option of calling a support or customer service number, a fake phone with which they contact cybercriminals.
From Avanan they inform that the contact number that appears in these fraudulent emails It is based in Hawaii, USA and has been linked to other scams in the past.
In addition to gaining access to your financial information, scammers can target their victims in a variety of ways with their respective phone numbers, from text messages to calls or WhatsApp messages.
However, the main objective of cyber scammers is to access the bank details of their victims, so when they call that number, they will receive the order to give the credit card number and CVV to cancel the charge.
This attack usually works because there is no link in the body of the emailwhich could be filtered as malicious if the ’email’ has a security solution.
“The big payment brands are some of the most supplanted because Internet users tend to trust their emails. […] Companies like Paypal, Amazon or Microsoft are a clear targetso extreme attention must be paid to any entity that asks for personal data”, commented the technical director of Check Point Software for Spain and Portugal, Eusebio Nieva.
From this company they recommend to users that, in case of receiving an ’email’ of these characteristics, they should first check the PayPal account and look at the email sender address.
In addition, they assure that it is convenient not to include companies of these characteristics in the lists of ‘allowed‘ in the inbox, as they are often among the most spoofed. (YO)