We're experiencing a significant influx of phishing emails that impersonate PayPal, typically stating something like "you sent $219.00 to xxxxx." These emails are being routed through Microsoft systems, and while they appear to come from a legitimate PayPal service, they're being exploited by malicious actors. I'm looking for effective ways to manage and block these threats. I considered blocking all emails from paypal.com and whitelisting their legitimate mail server IP addresses, but I can't find a reliable list of these addresses. PayPal also recommends against creating an allow list of IPs. How do you all handle this situation?
5 Answers
With our Mimecast setup, we established content examination policies that hold any email containing PayPal until it's reviewed by an admin. Since our company has no real need for PayPal, this process helps filter out potential phishing scams that users might click on unknowingly.
In our case, we get a mix of emails from paypal.com. Legitimate emails come from their specific server IPs, but the fraudulent ones always seem to originate from outbound.protection.outlook.com. I'm considering creating a mail flow rule that quarantines emails from "[email protected]" where the header reflects that outlook domain. Would that be a smart move?
We use SpamTitan and I've set up pattern filters to catch any emails from PayPal that aren't addressed to our accounts. This effectively sends them to quarantine, which minimizes any phishing risks. It's clear that some malicious individuals have set up PayPal accounts to forward fake emails to unsuspecting targets and hope they'll click harmful links. I think PayPal could improve their security to prevent this from happening by ensuring that links are only valid for a short time and tied to the original request IP.
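The two quarantine rules proposed in the previous two answers (hold paypal.com mail whose Received chain passes through outbound.protection.outlook.com, and hold paypal.com mail that is not addressed to an account that actually transacts with PayPal) can be prototyped and tested against raw .eml text before they are turned into an Exchange mail flow rule or a SpamTitan pattern filter. The script below is an added example written for this page; it is not code from the thread or from any of those products. The sender address service@paypal.com, the recipient allow-list, the relay hostnames, the 203.0.113.0/24 addresses and all four sample messages are constructed for illustration. It also assumes the receiving organisation is not itself behind Exchange Online Protection, where inbound hops show mail.protection.outlook.com rather than the outbound relay name being matched.

```python
"""Header-based triage for inbound PayPal-branded mail.

Added example, not code from the thread or from any vendor product. It
re-implements the two quarantine rules from the answers above as a
stand-alone check over raw message text. All sample data is constructed.
"""
import re
from email import policy
from email.parser import Parser
from email.utils import getaddresses, parseaddr

# Assumption: the only mailbox that legitimately transacts with PayPal.
KNOWN_PAYPAL_RECIPIENTS = {"ap@example.com"}

SENDER_DOMAIN = "paypal.com"
# Assumption: genuine PayPal notices reach us directly from PayPal's own
# relays, never via another tenant's Microsoft 365 outbound relay.
SUSPICIOUS_RELAY = re.compile(r"\boutbound\.protection\.outlook\.com\b", re.I)

REASON_RELAY = "paypal.com sender relayed via outbound.protection.outlook.com"
REASON_RECIPIENT = "no recipient is a known PayPal account holder"


def sender_domain(msg):
    """Domain of the RFC 5322 From address, lower-cased ('' if absent)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def recipients(msg):
    """All To/Cc addresses, lower-cased."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {addr.lower() for _, addr in pairs if addr}


def relayed_via_outlook(msg):
    """True if any Received hop names the Microsoft 365 outbound relay."""
    return any(SUSPICIOUS_RELAY.search(str(h)) for h in msg.get_all("Received", []))


def classify(raw):
    """Return {'action': 'deliver'|'quarantine', 'reasons': [...]} for one message."""
    msg = Parser(policy=policy.default).parsestr(raw)
    if sender_domain(msg) != SENDER_DOMAIN:
        return {"action": "deliver", "reasons": []}   # rules only apply to paypal.com
    reasons = []
    if relayed_via_outlook(msg):
        reasons.append(REASON_RELAY)
    if not recipients(msg) & KNOWN_PAYPAL_RECIPIENTS:
        reasons.append(REASON_RECIPIENT)
    return {"action": "quarantine" if reasons else "deliver", "reasons": reasons}


# Constructed samples. Hostnames and IPs are illustrative, not captures.
LEGIT_MSG = """From: PayPal <service@paypal.com>
To: ap@example.com
Subject: You sent a payment
Received: from mx.paypal.example (mx.paypal.example [203.0.113.10])
 by mail.example.com with ESMTPS; Mon, 1 Jan 2024 10:00:00 +0000

Receipt for your payment.
"""

RELAYED_MSG = """From: PayPal <service@paypal.com>
To: ap@example.com
Subject: You sent $219.00 to xxxxx
Received: from NAM02-obe.outbound.protection.outlook.com ([203.0.113.20])
 by mail.example.com with ESMTPS; Mon, 1 Jan 2024 10:05:00 +0000

Click here if you did not authorise this payment.
"""

UNKNOWN_RECIPIENT_MSG = """From: PayPal <service@paypal.com>
To: sales@example.com
Subject: You sent $219.00 to xxxxx
Received: from mx.paypal.example (mx.paypal.example [203.0.113.10])
 by mail.example.com with ESMTPS; Mon, 1 Jan 2024 10:10:00 +0000

Click here if you did not authorise this payment.
"""

UNRELATED_MSG = """From: Bob <bob@partner.example>
To: sales@example.com
Subject: Quote

Attached.
"""

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT_MSG), ("relayed", RELAYED_MSG),
                      ("unknown-recipient", UNKNOWN_RECIPIENT_MSG),
                      ("unrelated", UNRELATED_MSG)]:
        print(name, classify(raw))
```

Neither rule consults SPF or DKIM: in the scenario described in the question the messages are generated by PayPal's own platform on behalf of an attacker-controlled account, so authentication results will look the same as for a genuine receipt. The rules therefore key on routing and on who the message is addressed to, which is exactly what the two answers above do with their mail flow rule and pattern filter.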
We don’t see any legitimate reason to have PayPal in our environment, so we quarantine all emails from paypal.com or even those with 'PayPal' in the subject line. It’s a straightforward method to prevent potential scams.
Instead of distinguishing between legitimate and fraudulent PayPal emails manually, why not auto-quarantine anything that comes from PayPal? I mean, unless you're in an industry that specifically uses it, there's really no reason for a business to handle payments that way.