More PayPal emails hijacked to deliver tech support scams


Scammers have found another way to get deceptive messages delivered through PayPal’s legitimate services. In December 2025, we reported that PayPal closed a loophole that let scammers send real emails with fake purchase notices.

In those cases, scammers created a PayPal subscription and then paused it, which triggered PayPal’s genuine “Your automatic payment is no longer active” notification. They also set up a fake subscriber account, likely a Google Workspace mailing list, which automatically forwarded any email it received to all other group members. Recently, ConsumerWorld org alerted us that tech support scammers have found a way to manipulate the subject line of PayPal payment notifications.

Read more…
Source: Malwarebytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • PoC exploit released for Microsoft Exchange bug dicovered by NSA

    May 3, 2021

    Technical documentation and proof-of-concept exploit (PoC) code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. The flaw is for one of the four that the National Security Agency (NSA) reported to Microsoft and received a fix in April. Read more… Source: Bleeping Computer  

  • N3TW0RM ransomware emerges in wave of cyberattacks in Israel

    May 3, 2021

    A new ransomware gang known as ‘N3TW0RM’ is targeting Israeli companies in a wave of cyberattacks starting last week. Israeli media Haaretz reported that at least four Israeli companies and one nonprofit organization had been successfully breached in this wave of attacks. Read more… Source: Bleeping Computer  

  • San Diego: Scripps Health Cyberattack Causes Widespread Hospital Outages

    May 3, 2021

    Scripps Health, a hospital network based in San Diego, was hit by a cyberattack over the weekend, forcing some critical-care patients to be diverted, according to the San Diego Union-Tribune. Scripps acknowledged the attack in a statement but didn’t specify whether it was a ransomware incident. It’s also unknown whether the adversaries compromised any patient records ...

  • New Buer Malware Downloader Rewritten in E-Z Rust Language

    May 3, 2021

    A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks. Using the increasingly popular, efficient and easy-to-use Rust programming language will ...

  • Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool

    May 3, 2021

    Hewlett Packard Enterprise (HPE) is urging customers to patch one of its premier edge application management tools that could allow an attacker to carry out a remote authentication bypass attack and infiltrate a customer’s cloud infrastructure. Rated critical, with a CVSS score of 9.8, the bug impacts all versions of HPE’s Edgeline Infrastructure Manager (EIM) prior ...

  • Suspected Chinese state hackers target Russian submarine designer

    April 30, 2021

    Hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of an engineering company that designs submarines for the Russian Navy. They used a spear-phishing email specifically crafted to lure the general director of the company into opening a malicious document. The threat actor targeted Rubin Central Design ...