Skip to main content

Security Alert: Fraudulent PayPal emails reported

Date:
2024-12-12 13:35:00
Status:
Open
Brief Description:
Many in the Cornell community have reported receiving fraudulent emails from PayPal. Please be cautious about responding to requests from PayPal, Venmo, or CashApp. Because the requests come from legitimate platforms, CIT is unable to block them.
Current Status:
CIT is monitoring PayPal's response to the reported fraudulent emails. Everyone should be cautious of any emails received from PayPal, Venmo, CashApp, and other similar vendors.
Services Affected:
Not Applicable
Full Description:
Many in the Cornell community have reported receiving fraudulent emails from PayPal. Please be cautious about responding to requests from PayPal, and vendors like it (Venmo and CashApp). Because the fraudulent request comes from a legitimate platform, we are unable to block these at a broad level, as any attempts to do so might also block legitimate messages.

The emails come from paypal.com, and truly are from PayPal. Generally they appear to be a money request, possibly referencing an invoice number. The seller notes will include something like "If you didn't make this purchase, contact support at 1-888..." This is the bad actor's phone number, and is not legitimate PayPal support. Once a victim contacts the number, they're directed to a domain to download remote support software, at which point the bad actor connects to their machine and steals personal information. Banking information has been targeted.

The emails may look like this example from the Phish Bowl.
CIT TDX ID: