Cybercriminals’ tactics change over time, but causing fear and panic is one of the most dependable methods they have when tricking you. Such is the case of a new PayPal scam that can skirt past phishing attempts and steal people’s accounts if they’re not careful.
A New PayPal Scam Tricks People Into Sharing Their Account
As spotted by the CISO of Fortinet, this new scam takes advantage of a Microsoft 365 test domain, which scammers can use for three months for free. They can then use this domain to construct a distribution list of target emails that they want to scam. Because the domain is a part of Microsoft 365, it’s far more likely to dodge automatic phishing checks than normal.
Once the list is ready, they tell PayPal to send a money request to the entire distribution list. The scammer will usually ask for a high amount of money, making you panic over why someone is asking for a huge sum.
As part of the payment process, PayPal automatically links your account with the asker as soon as you log in. It does say this on the page itself, but given that you’re worrying about why someone is asking you for $2,185, you likely won’t see it. The moment you log in to dispute the request, you link your account to the scammer’s and give them access to it.
Fortunately, dodging this scam is pretty simple. If you see someone has asked you for a huge amount of money, do not panic. PayPal does not automatically take the money out of your account if you don’t respond. You can instead ignore the email and the request and get on with your day. And if you’d like to learn more about keeping your funds safe, check out these PayPal scams to watch out for.
