PayPal Invoice Abuse

Sublime Rules

Summary
This rule detects fraudulent PayPal invoices that abuse the PayPal invoicing service to lure victims into a callback phishing scheme. In callback phishing, the message convinces the victim to call a phone number it provides, which can lead to financial theft, installation of Remote Access Trojans (RATs), or ransomware deployment. The detection criteria cover the sender’s email domain, the presence of specific phrases in the message body, and variations of phone numbers in both the subject line and the message body. When the rule's predefined conditions identify these indicators, such as common scam phrases and suspicious phone numbers, the message may be part of an ongoing scam attempt.
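The three criteria in the summary (sender domain, lure phrases, phone-number variations in subject and body) can be combined as in the following added example, which is a Python sketch and not the Sublime rule's own source. The domain set, phrase list, phone regex and sample messages are all assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumed values for this sketch; none are taken from the rule's source.
PAYPAL_DOMAINS = {"paypal.com"}
LURE_PHRASES = ("did not make this", "not authorized", "call us", "cancel this")
# NANP-style number: optional +1, then 3-3-4 digits with any common separators.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.\-_]*)?\(?\d{3}\)?[\s.\-_]*\d{3}[\s.\-_]*\d{4}(?!\d)")

def normalize(text):
    """Fold full-width/stylised characters to ASCII forms and lowercase."""
    return re.sub(r"\s+", " ", unicodedata.normalize("NFKC", text)).lower()

def sender_root_domain(address):
    """Last two labels of the sender domain (naive: no public-suffix handling)."""
    domain = address.rsplit("@", 1)[-1].strip("<> ").lower()
    return ".".join(domain.split(".")[-2:])

def phone_numbers(text):
    """Return matched numbers as their last 10 digits so format variants compare equal."""
    return {re.sub(r"\D", "", m.group())[-10:]
            for m in PHONE_RE.finditer(normalize(text))}

def is_callback_invoice(sender, subject, body):
    """True when a PayPal-sent message carries both a lure phrase and a phone number."""
    if sender_root_domain(sender) not in PAYPAL_DOMAINS:
        return False
    text = normalize(subject + " " + body)
    has_lure = any(phrase in text for phrase in LURE_PHRASES)
    return has_lure and bool(phone_numbers(subject) | phone_numbers(body))

# Constructed sample messages; the phone numbers are made up.
SAMPLES = [
    ("service@paypal.com", "Invoice from Billing Dept (0042)",
     "You were charged $499.99. If you did not make this payment, "
     "call us at +1 (888) 555-0142 to cancel."),
    ("service@paypal.com", "Help desk ８８８ ５５５ ０１４２",
     "This charge was not authorized? Reach our team today."),
    ("service@paypal.com", "Invoice from Acme Design",
     "Acme Design sent you an invoice for $120.00. View and pay invoice."),
    ("billing@invoices.example", "Payment notice",
     "Not authorized? Call us at 888.555.0142."),
]

def run_samples():
    return [is_callback_invoice(*msg) for msg in SAMPLES]
```

The second sample only matches because the full-width digits in the subject are folded by NFKC normalisation before the phone regex runs; the fourth is skipped because it did not come through PayPal's own sending domain, which is outside what this check looks at.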
Categories
  • Web
  • Identity Management
  • Endpoint
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2023-02-09