Scammers have found another way to get deceptive messages delivered through PayPal’s legitimate services. In December 2025, we reported that PayPal closed a loophole that let scammers send real emails with fake purchase notices.
In those cases, scammers created a PayPal subscription and then paused it, which triggered PayPal’s genuine “Your automatic payment is no longer active” notification. They also set up a fake subscriber account, likely a Google Workspace mailing list, which automatically forwarded any email it received to all other group members. Recently, ConsumerWorld org alerted us that tech support scammers have found a way to manipulate the subject line of PayPal payment notifications.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Israel has foiled dozens of cyber attacks by Iran over last year, IDF says
September 21, 2022
The IDF’s network, said to be the largest in the Middle East, is constantly being threatened, and the military has identified an increase of 70% in hostile activity in recent years. Though the majority of attacks were identified and thwarted ahead of time, the significant increase in attempts worries the IDF. “In the past year, the ...
- Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware
September 21, 2022
Trend Micro researchers observed the active exploitation of CVE-2022-26134, an unauthenticated remote code execution (RCE) vulnerability with a critical rating of 9.8 in the collaboration tool Atlassian Confluence. The gap is being abused for malicious cryptocurrency mining. Confluence has already released a security advisory detailing the fixes necessary for all affected products, namely all versions ...
- MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches
September 20, 2022
Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. One component of these attacks that is becoming more popular with the rise of multi-factor authentication is a technique called MFA Fatigue. When breaching corporate networks, hackers commonly use stolen employee login credentials to access VPNs and the ...
- Security Risks in Logistics APIs Used by E-Commerce Platforms
September 20, 2022
The connectivity that we’ve experienced of late has improved at an unprecedented speed and scale largely because application programming interfaces (APIs) enable the seamless integration of different systems from different entities. APIs integrate data and services between businesses and third-party vendors to address various market needs, enhance the provision of services, and obtain consumer insights, ...
- CISA Releases Eight industrial Control Systems Advisories
September 19, 2022
CISA has released eight (8) Industrial Control Systems (ICS) advisories on September 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: • ICSA-22-263-01 Hitachi Energy PROMOD IV • ICSA-22-263-02 Hitachi Energy AFF660/665 Series • ICSMA-22-263-01 ...
- Russian Sandworm hackers pose as Ukrainian telcos to drop malware
September 19, 2022
The Russian state-sponsored hacking group known as Sandworm has been observed masquerading as telecommunication providers to target Ukrainian entities with malware. Sandworm is a state-backed threat actor attributed by the US government as part of the Russian GRU foreign military intelligence service. The APT hacking group is believed to have been behind numerous attacks this year, including ...

