More PayPal emails hijacked to deliver tech support scams


Scammers have found another way to get deceptive messages delivered through PayPal’s legitimate services. In December 2025, we reported that PayPal closed a loophole that let scammers send real emails with fake purchase notices.

In those cases, scammers created a PayPal subscription and then paused it, which triggered PayPal’s genuine “Your automatic payment is no longer active” notification. They also set up a fake subscriber account, likely a Google Workspace mailing list, which automatically forwarded any email it received to all other group members. Recently, ConsumerWorld org alerted us that tech support scammers have found a way to manipulate the subject line of PayPal payment notifications.

Read more…
Source: Malwarebytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • How to Attack and Defend a Prosthetic Arm

    February 26, 2019

    The IoT world has long since grown beyond the now-ubiquitous smartwatches, smartphones, smart coffee machines, cars capable of sending tweets and Facebook posts and other stuff like fridges that send spam. Today’s IoT world now boasts state-of-the-art solutions that quite literally help people. Take, for example, the biomechanical prosthetic arm made by Motorica Inc. This ...

  • Hackers abuse LinkedIn DMs to plant malware

    February 25, 2019

    Hackers are impersonating recruitment agencies on LinkedIn in a bid to target companies with backdoor malware. Researchers at Proofpoint found that the malware campaigns primarily targeted US companies in various industries including retail, entertainment, pharmacy, and others that commonly employ online payments, such as online shopping portals. In a blog post, the firm said hackers establish a relationship ...

  • 19-Year Old WinRAR RCE Vulnerability Gets Micropatch Which Keeps ACE Support

    February 22, 2019

    A micropatch was released to fix a 19-year old arbitrary code execution vulnerability impacting 500 million users of the WinRAR compression tool and to keep ACE support after the app’s devs removed it when they patched the security issue. Nadav Grossman from Check Point Software Technologies was the one who originally found the ACE Path Traversal logical bug in the UNACEV2.DLL library written by ...

  • DDoS Attacks Ranked As Highest Threat by Enterprises

    February 22, 2019

    US and EMEA security professionals interviewed by the Neustar International Security Council (NISC) in January 2019 said that DDoS attacks are perceived as the highest threat to their organizations, with roughly half of their companies having been attacked in 2018. Another 75% of all professionals who took part in NISC’s study said that they are deeply concerned about “bot ...

  • Spectre vulnerabilities cannot be mitigated by software alone

    February 19, 2019

    A team of Google researchers has demonstrated the Spectre vulnerabilities present in many of today’s processors cannot be completely mitigated by applying software fixes, as has been assumed. Variants of the Spectre flaw discovered last year, which involves information leaking via ‘speculative execution’ or functions performed early to speed up computation, are not just software glitches ...

  • APT Adversaries Up the Ante on Speed, Target Telecom

    February 19, 2019

    Despite law-enforcement wins in the form of several high-profile arrests and indictments during 2018, nation-state adversaries have upped their games when it comes to speed. That’s according to CrowdStrike’s 2019 Global Threat Report, which found that when analyzing how long it takes to go from initial compromise to the attacker’s first lateral movement within the network, Russian-speaking APTs (such ...