Scammers Exploit Microsoft 365 to Target PayPal Users

A new phishing technique abusing PayPal’s money request feature has been identified. Because it is built on a genuine PayPal money request, the message can appear entirely legitimate to recipients.
According to a new advisory by Fortinet, the scammer registered a free Microsoft 365 test domain and created a distribution list containing the targeted email addresses. A payment request was then initiated via PayPal, with the distribution list used as the recipient address.
How the Attack Works
When the request was sent, Microsoft’s Sender Rewrite Scheme (SRS) modified the sender address to bypass email authentication checks, making it appear valid. In addition, the email, URL and sender address passed PayPal’s security checks, deceiving users into believing it was legitimate.
If the recipient panicked and logged into their PayPal account through the provided link, the scammer gained access to their account.
“Standard phishing methods typically require threat actors to craft and deliver emails to a wide audience,” commented Elad Luz, head of research at Oasis Security.
“In this case, however, the threat actors exploit a vendor feature to deliver their messages. The emails are sent from a verified source and follow an identical template to legitimate messages, such as a standard PayPal payment request. This makes [it] difficult for mailbox providers to distinguish [them] from genuine communications, leaving PayPal as potentially the only entity capable of mitigating the issue.”
Defending Against Phishing Threats
To defend against such threats, Fortinet emphasized the importance of a well-trained “human firewall.” Employees should be educated to scrutinize all unexpected payment requests, even when they appear legitimate.
Additionally, the company recommended using data loss prevention (DLP) rules to detect such attacks. A DLP rule can be configured to flag emails involving multiple recipients from a distribution list, helping identify and block these phishing attempts.
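To make the two signals above concrete, here is an added example (not Fortinet’s DLP rule and not code from the advisory) that scores a raw message on the pattern described in this article: an SRS-rewritten Return-Path, a From domain that no longer matches the envelope sender, a reader who is not named in To/Cc because the mail arrived via a list, and payment-request wording. The two message samples, the `contoso-test.onmicrosoft.com` tenant, the list address and the `victim@example.com` inbox are all constructed.

```python
import re
from email import policy
from email.parser import Parser

# Constructed samples: an SRS-forwarded request via a Microsoft 365 list, and a direct one.
FORWARDED_SAMPLE = """\
Return-Path: <SRS0=k9Qz=AB=paypal.com=service@contoso-test.onmicrosoft.com>
From: PayPal <service@paypal.com>
To: finance-list@contoso-test.onmicrosoft.com
Subject: You have a money request

Please review and pay the request below.
"""
DIRECT_SAMPLE = """\
Return-Path: <service@paypal.com>
From: PayPal <service@paypal.com>
To: victim@example.com
Subject: You have a money request

Please review and pay the request below.
"""
# SRS-rewritten envelope senders look like
# SRS0=<hash>=<timestamp>=<orig-domain>=<orig-local>@<forwarding-domain>
SRS_RE = re.compile(r"^SRS[01]=", re.IGNORECASE)
PAYMENT_WORDS = ("money request", "payment request")

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def assess_money_request(raw_message, mailbox):
    """Return (suspicious, reasons); `mailbox` is the receiving inbox address."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    return_path = str(msg.get("Return-Path", "")).strip("<> ")
    from_specs = [a.addr_spec.lower() for a in getattr(msg["From"], "addresses", ())]
    rcpts = {a.addr_spec.lower() for h in ("To", "Cc")
             for a in getattr(msg[h], "addresses", ())}
    subject = str(msg.get("Subject", "")).lower()
    reasons = []
    if SRS_RE.match(return_path):
        reasons.append("envelope sender rewritten by SRS (message was forwarded)")
    if from_specs and _domain(return_path) != _domain(from_specs[0]):
        reasons.append("Return-Path domain differs from From domain")
    if mailbox.lower() not in rcpts:   # reader is not in To/Cc: came through a list
        reasons.append("recipient not addressed directly (delivered via a list)")
    if any(w in subject for w in PAYMENT_WORDS):
        reasons.append("payment-request wording in subject")
    # Any three signals together match the forwarded-money-request pattern
    return len(reasons) >= 3, reasons

if __name__ == "__main__":
    print(assess_money_request(FORWARDED_SAMPLE, "victim@example.com"))
```

The threshold of three signals is a constructed choice for the example; in a mail gateway the same checks would feed a quarantine or tagging rule rather than a hard block, since genuine forwarded mail also carries SRS rewriting.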
“Using neural networks to analyze social graph patterns and other advanced AI techniques in more modern security tools helps spot these hidden interactions by analyzing user behaviors more deeply than static filters,” added Stephen Kowski, field CTO at SlashNext.
“That kind of proactive detection engine recognizes unusual group messaging patterns or requests that slip through basic checks. A thorough inspection of user interaction metadata will catch even this sneaky approach.”
Image credit: Nuttapong punna / Shutterstock.com