In order to lure their victims onto a safe trail in phishing emails, they pretend to issue invoices or payment requests from well-known companies. This method is brand phishing .
Now it turns out that the payment service provider PayPal was not spared from this tactic. Security researchers at Avanan, which was acquired by Check Point last year, have observed hackers using escrow to send malicious invoices and request payments.
The criminals even send the email from the PayPal domain using a free PayPal account. The email text simulates well-known brand names, in the example below that of Norton AntiVirus. Technically the trick works because PayPal is listed as a legitimate website in most email verification systems and the email is forwarded unfiltered. This type of attack is doubly dangerous because, firstly, the user is supposed to call the specified phone number in order to then trick them into paying the bill. The perpetrators then discovered their victims' contact information, which can be used for future impostures. This can affect any end user. Following this discovery, Avanan immediately informed PayPal of the attack.

To protect yourself from these attacks, security researchers advise users to:
- Before calling an unknown service, you should search for the number online, as it may be listed as fraudulent.
- Review all accounts to determine if charges have actually been incurred.
- It's worth implementing advanced security measures, such as multi-factor authentication, to make accounts more difficult to access.
- If there is any doubt about the legitimacy of an email, the IT department should always be informed.
The best protection against phishing attempts is an attentive user with a critical eye.
Source: Check Point Software Technologies Ltd.
Also Read:
Fact Check: No, a School District in Texas Didn't Ban Anne Frank and the Bible from Libraries!
If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:
📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.
Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!
* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )

