|
|
|
|
|
|
by bcrescimanno
1406 days ago
|
|
|
The emails are not spoofed. They are actually generated by PayPal to notify an account holder of an invoice. The vast majority of the emails that these systems generate are legitimate emails with legitimate invoices. The vector here is: 1. Create a PayPal account.
2. Create an invoice through PayPal's invoice tool and send to nabakin@example.com.
3. PayPal sends an email to notify the recipient of the outstanding invoice. When PayPal detects fraudulent invoices are generated, they cancel those invoices so consumers no longer see them and can no longer pay on them; however, it's too late to stop the emails. |
|
|