PayPal is one of the most used platforms for sending and receiving payments by small, medium and large enterprises. This makes it the most lucrative target for cybercriminals, which is why PayPal phishing scams are so common these days. With every new day, these cybercriminals come up with new tactics to trick unsuspecting users and steal their personal and financial information.
Recently, some PayPal users (including myself) have received an email claiming that a payment of $450.0 USD has been made from their PayPal account to lie.xyy (email@example.com) through AliExpress for an iPhone 6S Black 32GB. The email adds that if the user did not make this payment and wants to resolve the issue, they should click the link.
If you keep an eye on online scams, you may suspect something is wrong and log in to your PayPal account to check what is going on, while unsuspecting users may simply click the link in the email body and fall for the scam. Personally, I was in shock, since I never made any payment for an iPhone 6s through AliExpress or Alibaba; however, after going through the email content, it was certain that this was nothing but a phishing scam.
As can be seen in the email content, the scammers try to convince users that the order is being processed and that during this time they are unable to perform any operation on the order. In fact, one can file a dispute against an order or payment sent through PayPal. The overall English in the email body also indicates that it is a phishing scam. In addition, AliExpress does not accept PayPal payments; in fact, AliExpress does not even mention PayPal among the modes of payment on its Payment page.
The email address used by the scammers to carry out this attack is firstname.lastname@example.org. Upon clicking on the roadrunner.com domain, users are redirected to twcc.com (Time Warner Cable Central). The RoadRunner domain is owned and registered by Warner Bros. Entertainment Inc., while the TWCC domain is under Time Warner Inc.
It is unclear how the scammers are using these domains to conduct this scam. However, once the user clicks the “Resolve it now” tab, they are taken to a fake PayPal domain (phishing domain) which asks for their PayPal login email and password along with other financial information. The good news is that Google Chrome has already marked the domain as a potentially dangerous site to visit.
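The two signals described above, a sender address outside PayPal's own domain and a "Resolve it now" link that leads to a non-PayPal host, can be checked mechanically on a received message. The following Python is an added example, not part of the original article; the trusted-domain list, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: only paypal.com and its subdomains count as genuine here.
TRUSTED = ("paypal.com",)

def is_trusted(host):
    """True only for a trusted domain or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def phishing_indicators(raw):
    """Return a list of findings for a raw RFC 5322 message string."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    # The message presents itself as PayPal but is sent from elsewhere.
    claims_paypal = "paypal" in (name + " " + msg.get("Subject", "")).lower()
    if claims_paypal and not is_trusted(sender_domain):
        findings.append(f"sender-domain-mismatch:{sender_domain}")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
        for href in collector.hrefs:
            url = urlsplit(href.strip())
            # A host that merely starts with "paypal.com." is not PayPal.
            if url.scheme in ("http", "https") and not is_trusted(url.hostname):
                findings.append(f"untrusted-link:{url.hostname}")
    return findings

# Constructed sample message (not the real phishing email).
SAMPLE = """From: "PayPal" <billing@mail.example.org>
Subject: Receipt for your payment
Content-Type: text/html; charset="utf-8"

<a href="http://paypal.com.login.example.net/resolve">Resolve it now</a>
<a href="https://www.paypal.com/help">Help</a>
"""
```

Calling `phishing_indicators(SAMPLE)` reports both the mismatched sender domain and the lookalike link host, while the genuine `www.paypal.com` link is not flagged.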
If you have an account with PayPal, it is advisable to log in to your PayPal account by entering the web address into your browser’s address bar or via an official PayPal app. The PayPal website has a verified green signature as shown in the screenshot below: