Blog

Campus Safety Month: How to Keep Students Safe on Your College Campus

September is National Campus Safety Awareness Month; in Massachusetts, it’s Campus Fire Safety Month. As college students settle into their routines for the year, educational institutions must ensure they are studying and living in a safe environment. Here are some tips for keeping students safe on your college campus. Educate students on emergency protocols and […]

September 25, 2023
0 comment
Read More >>

Cloudbric successfully participated in ISEC 2023

Cloudbric successfully participated in ISEC 2023     Cloudbric successfully participated in the 17th International Security Conference 2023 (ISEC 2023), held from Sec 19th to 20th in COEX, Seoul, with Penta security. This conference was held under the theme of ‘ACT Now!’ to send the message that cyber security countermeasures must be implemented right away […]

September 24, 2023
0 comment
Read More >>

Now Is the Perfect Time to Upgrade to Smart Commercial Security Cameras

When it comes to finding a specific video clip, how long would it take you? Have you been bombarded with video alerts that capture ordinary activities you expect to see, causing you to miss important alerts that contain unexpected events? When this is the case, it may be time to upgrade to smart commercial security […]

The post Now Is the Perfect Time to Upgrade to Smart Commercial Security Cameras appeared first on Johns Brothers Security.

September 22, 2023
0 comment
Read More >>

Phone scams conducted using PayPal’s own invoicing service

Phishing attacks often start with an email or text message that links to a malicious web site designed to steal sensitive information. However, some instead direct recipients to call a phone number. Despite claiming to belong to a legitimate organization these fake phone numbers are controlled by the criminal. Callers can be tricked into sending money, sensitive information, or giving access to online accounts and devices through persuasive social engineering tactics. 

This blog post looks at a recent attack that uses PayPal’s own invoicing service to conduct such a phone-based phishing scam.

Phishing attacks lurking within the legitimate correspondence from familiar brands can be hard to spot. For example, Netcraft investigated the following email, sent with a from address of service@paypal.com:

A fake invoice purporting to be from PayPal, containing a fraudulent phone number

Calling the phone number (redacted in the above screenshot) confirms the impersonation. The criminal answering the call starts by introducing themselves as a PayPal employee from the billing or cancellation department. They ask the victim to confirm the invoice number, a common tactic designed to create the impression that this is a legitimate interaction, and then progress the scam from there. This could involve:

  • trying to gain remote access to the victim’s device, by asking the victim to install a remote desktop application like AnyDesk or TeamViewer
  • installing malware (malicious software) on the victim’s device
  • tricking the victim into transferring money into a bank account controlled by the criminal

All the while, the criminal collects personal information about the victim that could be used for future attacks or sold to other criminals on the dark web.

In this case, the phone number was suspended within hours of Netcraft alerting the phone company to the scam. Other would-be victims who later received emails containing the same fraudulent phone …

September 20, 2023
0 comment
Read More >>