CyberSecurity updates
2025-01-31 01:10:00 Pacific

MS365 Exploited in PayPal Phishing Scheme - 19d
Read more: ciso2ciso.com

A new phishing campaign is targeting PayPal users by exploiting Microsoft 365 test domains. Scammers are registering free test domains and creating distribution lists, which they then use to send out legitimate-looking PayPal payment requests. This method allows the malicious emails to bypass traditional email security checks because they originate from a verified Microsoft source. The emails appear identical to genuine PayPal requests, making it difficult for email providers to detect and filter them.

When a recipient clicks the link in the email, they are redirected to a PayPal login page, which is made to look like a legitimate payment request. If the user logs in, the scammer gains access to their account. This is because the login process links the victim's PayPal account to the distribution list address created by the attacker, not the actual recipient's address, effectively handing over control to the bad actor. Fortinet's CISO referred to this as "phish-free phishing" due to its effectiveness in bypassing security measures. To defend against this, users need to be trained to scrutinize unexpected payment requests, and organizations should implement data loss prevention rules that flag suspicious emails with multiple recipients from a distribution list.
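
One way to express the flagging rule described above, as an added example (not code from the article or from Fortinet): it flags PayPal-sender messages whose receiving mailbox is absent from the To/Cc headers or that are addressed to a test-tenant domain. The `.onmicrosoft.com` suffix, the `delivered_to` value supplied by the mail gateway, and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumptions (not from the article): test tenants use the *.onmicrosoft.com
# suffix, and the gateway can tell us which mailbox each copy was delivered to.
TEST_TENANT_SUFFIX = ".onmicrosoft.com"
WATCHED_SENDER_DOMAINS = {"paypal.com"}

# Constructed sample messages, not real traffic.
RELAYED = """From: service@paypal.com
To: billing-list@example-tenant.onmicrosoft.com
Subject: Payment request

You have a new payment request.
"""
DIRECT = """From: service@paypal.com
To: alice@example.org
Subject: Payment request

You have a new payment request.
"""


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def flag_message(raw, delivered_to):
    """Return reasons a payment request looks list-relayed; [] means no flag."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    if domain_of(sender) not in WATCHED_SENDER_DOMAINS:
        return []  # only payment-request senders are in scope
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = [addr.lower() for _, addr in getaddresses(fields) if addr]
    reasons = []
    # Delivered to a mailbox the headers never name: a list expanded it.
    if delivered_to.lower() not in visible:
        reasons.append("recipient-not-in-headers")
    # Addressed to a trial/test tenant rather than to the recipient's domain.
    if any(domain_of(a).endswith(TEST_TENANT_SUFFIX) for a in visible):
        reasons.append("addressed-to-test-tenant")
    return reasons


if __name__ == "__main__":
    for name, raw in (("relayed", RELAYED), ("direct", DIRECT)):
        print(name, flag_message(raw, "alice@example.org"))
```

Because the relayed message passes sender authentication, the rule keys on addressing rather than on SPF or DKIM results; either reason alone is enough to route the message for review.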