Scammers have found another way to get deceptive messages delivered through PayPal’s legitimate services. In December 2025, we reported that PayPal closed a loophole that let scammers send real emails with fake purchase notices.
In those cases, scammers created a PayPal subscription and then paused it, which triggered PayPal’s genuine “Your automatic payment is no longer active” notification. They also set up a fake subscriber account, likely a Google Workspace mailing list, which automatically forwarded any email it received to all other group members. Recently, ConsumerWorld org alerted us that tech support scammers have found a way to manipulate the subject line of PayPal payment notifications.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers stole data from multiple electric utilities in recent ransomware attack
December 27, 2022
Hackers stole data belonging to multiple electric utilities in an October ransomware attack on a US government contractor that handles critical infrastructure projects across the country, according to a memo describing the hack obtained by CNN. Federal officials have closely monitored the incident for any potential broader impact on the US power sector while private investigators ...
- AI cyber attacks are a ‘critical threat’. This is how NATO is countering them
December 26, 2022
Artificial intelligence (AI) is playing a massive role in cyber attacks and is proving both a “double-edged sword” and a “huge challenge,” according to NATO. “Artificial intelligence allows defenders to scan networks more automatically, and fend off attacks rather than doing it manually. But the other way around, of course, it’s the same game,” David van ...
- Louisiana: Lake Charles Memorial Health has possible cybersecurity incident
December 26, 2022
Some Lake Charles health care system patients may have had their information involved in a cybersecurity incident. The Lake Charles Memorial Health System on Friday mailed letters to some of its “patients whose information may have been involved in a recent cybersecurity incident,” according to a news release from the company. On Oct. 21, the system’s information ...
- IcedID Botnet Distributors Abuse Google PPC to Distribute Malware
December 23, 2022
After closely tracking the activities of the IcedID botnet, Trend Micro researchers have discovered some significant changes in its distribution methods. Since December 2022, Trend Micro observed the abuse of Google pay per click (PPC) ads to distribute IcedID via malvertising attacks. This IcedID variant is detected by Trend Micro as TrojanSpy.Win64.ICEDID.SMYXCLGZ. Advertising platforms like Google ...
- Patch now: Serious Linux kernel security hole uncovered
December 23, 2022
Just what every Linux system administrator wants just before the holidays: A serious Linux kernel security bug. The Zero Day Initiative (ZDI), a zero-day security research firm, announced a new Linux kernel security bug. This hole allows authenticated remote users to disclose sensitive information and run code on vulnerable Linux kernel versions. How bad is it? ...
- LastPass admits attackers have a copy of customers’ password vaults
December 23, 2022
Password locker LastPass has warned customers that the August 2022 attack on its systems saw unknown parties copy encrypted files that contains the passwords to their accounts. In a December 22nd update to its advice about the incident, LastPass brings customers up to date by explaining that the August 2022 attack saw “some source code and ...

