Paypal Phishing/Coinbase in One Image, (Fri, Aug 26th)

Paypal Service
English: Paypal Service

There is a current wave of Paypal phishing emails ongoing. I already received a few of them. This time, the spam is based on a simple JPEG image. The subject has always this format (with the date changing):

Your PayPal Order Receipt from Aug 25, 2022

The mail body contains the following image:

As you can read, they mention no mail e-mail them but there is phone number. This number was always the same across the samples I received. When you have a phone number, you call it! So I tried…

I called multiple times, at different hours (I’m based in the CET timezone so I tried to call in the morning, afternoon and evening) but no luck! Nobody picked up the phone. It keeps ringing forever… Some people already reported this number is suspicious[1][2]. If you prepare a phishing attack you expect that victims will call! I’m disappointed by the lack of reactivity! Maybe they filter incoming calls based on the international code? (In my case, I called from a Belgian SIP line, international code +32)


Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Photo Credit

English: Paypal Service
Date 2 November 2014, 03:34:06
Source Own work
Author Kaung71
I, the copyright holder of this work, hereby publish it under the following license:
w:en:Creative Commons
attribution share alike
This file is licensed under the Creative Commons Attribution-Share Alike 4.0 International license.

Reposted from SANS. View original.

Alex Post