Scammers have found another way to get deceptive messages delivered through PayPal’s legitimate services. In December 2025, we reported that PayPal closed a loophole that let scammers send real emails with fake purchase notices.
In those cases, scammers created a PayPal subscription and then paused it, which triggered PayPal’s genuine “Your automatic payment is no longer active” notification. They also set up a fake subscriber account, likely a Google Workspace mailing list, which automatically forwarded any email it received to all other group members. Recently, ConsumerWorld org alerted us that tech support scammers have found a way to manipulate the subject line of PayPal payment notifications.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Private 5G Network Security Expectations Part 3
July 11, 2022
Trend Micro conducted a survey on private wireless network security in collaboration with 451 Research, part of S&P Global Market Intelligence, in four countries (Germany, the U.K, Spain, and the U.S.) across the manufacturing, electricity, oil and gas, and healthcare industries. Trend Micro have introduced this survey’s findings on the expectations for private 5G security ...
- New 0mega ransomware targets businesses in double-extortion attacks
July 8, 2022
A new ransomware operation named ‘0mega’ targets organizations worldwide in double-extortion attacks and demands millions of dollars in ransoms. 0mega (spelled with a zero) is a new ransomware operation launched in May 2022 and has attacked numerous victims since then. A ransomware sample for the 0mega operation hasn’t yet been found, therefore there’s not much information on ...
- Quantum ransomware attack affects 657 healthcare orgs
July 7, 2022
Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations. Founded in 1904, PFC helps thousands of healthcare, government, and utility organizations across the U.S. ensure that customers pay their invoices on time. The company started notifying the ...
- New stealthy OrBit malware steals data from Linux devices
July 7, 2022
A newly discovered Linux malware is being used to stealthily steal information from backdoored Linux systems and infect all running processes on the machine. Dubbed OrBit by Intezer Labs security researchers who first spotted it, this malware hijacks shared libraries to intercept function calls by modifying the LD_PRELOAD environment variable on compromised devices. While it can gain ...
- Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
July 6, 2022
Recently, Trend Micro researchers found a brand-new ransomware family that employs a similar scheme: It disguises itself as a legitimate Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control (C&C) server to circumvent detection. Their investigation also shows that this ransomware uses the QueueUserWorkItem function, a .NET System.Threading ...
- RaHDIt hackers published data of Ukrainian spies
July 6, 2022
RaHDIt hackers have made public the data of one thousand employees of the Main Intelligence Directorate (GUR) of the military department of Ukraine. According to RIA Novosti, problems in protecting the networks of the Central Directorate of the Main Intelligence Directorate on Rybalsky Island in Kyiv helped in the formation of the database. Among the disclosed intelligence ...

