July 28, 2016
In the course of this campaign, cybercriminals are abusing the PayPal service to request money from victims. Users receive a “You’ve got a money request” email which misleads them to think of it as a legit because it was sent by PayPal.
Proofpoint states that these emails are not actually falsified and they are not likely to be detected by spam filters. That’s why they manage to arrive their desired destination – the user`s inbox. It is not clear yet if these spam messages are automatically or manually sent but the experts confirmed that the reliable PayPal service is involved in malware propagation.