Strange PayPal Spam Making the Rounds
Posted by: Timothy Weaver on 01/20/2016 10:43 AM
[
Comments
]
A new type of spam has been discovered by security researcher Troy Hunt - $0 invoices from PayPal accounts.
The emails do not trigger spam filters because they fail to trigger the typical characteristics of a suspicious email. Hunt said he looked for all the indicators that might show it was real or not, but found the email was from member@paypal.com.au, the mail headers were correct and the “View and Pay Invoice” button linked directly to https://www.paypal.com.
Hunt contacted PayPal. Troy said that, “Without any feedback from PayPal or other evidence to the contrary, it looks like they're serving as the delivery mechanism for spam which, of course, won't be flagged as spam because it's a “legitimate” email from them. The message in the 'invoice' is quite clearly just that – spam – and this is almost certainly an abuse of the PayPal invoicing system.”
PayPal has not as yet found a solution to the problem. However, if you get such an email, send it to spoof@paypal.com.
Source: SCMagazine
The emails do not trigger spam filters because they fail to trigger the typical characteristics of a suspicious email. Hunt said he looked for all the indicators that might show it was real or not, but found the email was from member@paypal.com.au, the mail headers were correct and the “View and Pay Invoice” button linked directly to https://www.paypal.com. Hunt contacted PayPal. Troy said that, “Without any feedback from PayPal or other evidence to the contrary, it looks like they're serving as the delivery mechanism for spam which, of course, won't be flagged as spam because it's a “legitimate” email from them. The message in the 'invoice' is quite clearly just that – spam – and this is almost certainly an abuse of the PayPal invoicing system.”
PayPal has not as yet found a solution to the problem. However, if you get such an email, send it to spoof@paypal.com.
Source: SCMagazine
Comments
