Malicious spam campaign misuses PayPal

Researchers at Proofpoint have recently observed PayPal being abused in a malicious spam campaign. The emails, with the subject ‘You’ve got a money request’, come from PayPal. The sender does not appear to be faked: the spam is generated by registering with PayPal and then using the portal to request money. The spam emails include a link to a short URL which, once clicked, triggers the debit of $100 from the victim’s PayPal account, as well as the download of a Trojan and a piece of malware. Proofpoint notes that, although the scale of the campaign appeared to be small, the technique used is interesting and troubling. ‘For users without anti-malware services that can detect compromised links in emails […], the potential impact is high. At the same time, the combined social engineering approach of requesting money via PayPal from what appears to be a legitimate source creates additional risk for untrained or inattentive recipients, even if they are not infected with the malicious payload.’