Scammers have found another way to get deceptive messages delivered through PayPal’s legitimate services. In December 2025, we reported that PayPal closed a loophole that let scammers send real emails with fake purchase notices.
In those cases, scammers created a PayPal subscription and then paused it, which triggered PayPal’s genuine “Your automatic payment is no longer active” notification. They also set up a fake subscriber account, likely a Google Workspace mailing list, which automatically forwarded any email it received to all other group members. Recently, ConsumerWorld org alerted us that tech support scammers have found a way to manipulate the subject line of PayPal payment notifications.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- TSMC discloses data breach from LockBit-claimed attack against third party
July 4, 2023
Major Taiwanese multinational chip manufacturing firm Taiwan Semiconductor Manufacturing Company has confirmed experiencing a data breach as a result of a cyberattack against Kinmax, which is one of its IT hardware suppliers, before the end of June, reports The Record, a news site by cybersecurity firm Recorded Future. Such a disclosure comes after the LockBit ransomware ...
- Microsoft Denies Major 30 Million Customer-Breach
July 4, 2023
Microsoft has hit back at claims from a shadowy hacktivist outfit that it managed to breach the company and obtain account access for tens of millions of customers. Anonymous Sudan, which has been linked in the past to pro-Kremlin groups like Killnet, posted the details of its alleged raid on Telegram. Read more… Source: Infosecurity Magazine
- Chinese threat actors targeting Europe in SmugX campaign
July 3, 2023
In the last couple of months, Check Point Research (CPR) has been tracking the activity of a Chinese threat actor targeting Foreign Affairs ministries and embassies in Europe. Combined with other Chinese activity previously reported by Check Point Research, this represents a larger trend within the Chinese ecosystem, pointing to a shift to targeting European entities, ...
- More sensitive Optus data leaked in major cyberattack on law firm
July 1, 2023
Optus has been caught up in another major cyberattack, with sensitive information about a privacy watchdog investigation into the mobile-phone company breached by Russian hackers. The Office of the Australian Information Commissioner is one of dozens of government departments and agencies scrambling to find out how much of their data has been breached in a hack ...
- A proxyjacking campaign is looking for vulnerable SSH servers
June 30, 2023
A researcher at Akamai has posted a blog about a worrying new trend -proxyjacking – where criminals sell your bandwidth to a third-party proxy service. To understand how proxyjacking works, we’ll need to explain a few things. There are several legitimate services that pay users to share their surplus Internet bandwidth, such as Peer2Profit and HoneyGain. ...
- Cyberattack knocks out satellite communications for Russian military
June 30, 2023
Dozor-Teleport, the satellite system’s operator, switched some users to terrestrial networks during the outage, according to JD Work, a cyberspace professor at the National Defense University. Analyst Doug Madory of Kentik, which monitors online traffic, said one network was taken over by Dozor’s parent company, Amtel-Svyaz, while three others remained down. The company did not release ...

