In message <fe49c629-9e54-40ef-94e1-ba26a7303...@mddhosting.com>, Michael Denney via mailop <mailop@mailop.org> writes
>The instances of this we've seen - aren't actually phishing, just fraud.
>
>Generating invoices via PayPal to an o365 address that then forwards that out to
>the final recipient.

In some cases ... where phone numbers are present, then ringing that number (the only way that the recipient can contest the invoice) will get you to "PayPal Customer Service". They will explain that the bad invoice issue is well-known and direct you to a website where you can log in and open a ticket to contest the invoice... that website will be branded PayPal and will request your PayPal credentials.

So "phish" can be correct.

Sometimes the phone number is in the Subject header field, more commonly embedded into the invoice itself (where identifying it and blocking it is of course a little more complex).

At $DAYJOB$ we see a LOT of this and have for months... PayPal, DocuSign, Intuit ... ...

and although Microsoft are currently the main offenders for replaying the emails at scale (essentially to "mailing lists") there's traffic from a number of other places too (a well-known domain registration company had a big problem a few weeks back before they improved their detection and the bad guys moved on).

-- 
richard
Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
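
Added example, not part of the original message or of any poster's tooling: a minimal Python sketch of the check described above, pulling callback phone numbers out of both the Subject header and the (possibly HTML) invoice body so they can be compared against a blocklist. The sample message, the North-American number pattern and the blocklist contents are all constructed assumptions.

```python
import html
import re
from email import message_from_string, policy

# Assumption: North-American style numbers; separators may be spaces, dots or dashes.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.\-]*)?\(?\d{3}\)?[\s.\-]*\d{3}[\s.\-]*\d{4}(?!\d)")
TAG_RE = re.compile(r"<[^>]+>")

# Constructed sample: one number in the Subject, a different one split by markup in the body.
SAMPLE = """\
From: service@example.invalid
To: list@example.invalid
Subject: Invoice 4471 due - questions? call +1 (888) 555.0142
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>To dispute this invoice call <b>888</b>.<span>555</span>.0199</p>
"""

def normalise(number):
    """Reduce a matched number to its last ten digits for comparison."""
    return re.sub(r"\D", "", number)[-10:]

def phones_in(text):
    return {normalise(m.group()) for m in PHONE_RE.finditer(text)}

def callback_numbers(raw):
    """Return the normalised numbers found in the Subject and in the text parts."""
    msg = message_from_string(raw, policy=policy.default)
    found = {"subject": phones_in(str(msg["Subject"] or "")), "body": set()}
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        text = part.get_content()
        if part.get_content_subtype() == "html":
            # Markup can split the digits; drop tags and decode entities first.
            text = html.unescape(TAG_RE.sub("", text))
        found["body"] |= phones_in(text)
    return found

def blocked_hits(raw, blocklist):
    """Numbers from any location that appear on a (hypothetical) blocklist."""
    found = callback_numbers(raw)
    return (found["subject"] | found["body"]) & blocklist

if __name__ == "__main__":
    print(callback_numbers(SAMPLE))
    print(blocked_hits(SAMPLE, {"8885550199"}))
```

Numbers rendered inside images or PDF attachments are not covered by this sketch, which is the harder case the message alludes to.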