When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Researchers fromBleepingComputerwho, themselves, received one such phishing email, and decided to investigate further.
Abusing legitimate services
Obviously, all of this is fake.
The goal is to scare people into rash decisions, calling the phone number to quickly cancel the order.
This antivirus is actually a ConnectWise ScreenConnect client, which would grant the attackers total control over the computer.
After that, they can steal the data, make actual wire transfers, and more.
One thing that actually isnt fake is PayPals email address.
AsBleepingComputerdiscovered, PayPal recently introduced a new feature that allows users to add gift addresses to their own profiles.
So, in reality, the attackers actually added a new address to their own account.
After adding a new address, PayPal can send a customized notification email.
This customization allowed the attackers to add the You purchased a new MacBook phishing message.
PayPal users getting this email can safely ignore it.
