
Security Alert: Fraudulent PayPal emails reported

2024-12-12 13:35:00
Brief Description:
Many in the Cornell community have reported receiving fraudulent emails from PayPal. Please be cautious about responding to requests from PayPal, Venmo, or CashApp. Because the requests come from legitimate platforms, CIT is unable to block them.
Current Status:
CIT Messaging was able to craft a block rule to address a majority of this issue. Between that and the end of the holiday season, we are seeing instances of this phish return to normal levels.
Services Affected:
Not Applicable
Full Description:
Many in the Cornell community have reported receiving fraudulent emails from PayPal. Please be cautious about responding to requests from PayPal, and vendors like it (Venmo and CashApp). Because the fraudulent request comes from a legitimate platform, we are unable to block these at a broad level, as any attempts to do so might also block legitimate messages.

The emails come from, and truly are from, PayPal. Generally they appear to be a money request, possibly referencing an invoice number. The seller notes will include something like "If you didn't make this purchase, contact support at 1-888..." This is the bad actor's phone number, not legitimate PayPal support. Once a victim calls the number, they are directed to a domain to download remote support software, at which point the bad actor connects to their machine and steals personal information. Banking information has been targeted.

The emails may look like this example from the Phish Bowl.