I manage the IT for a small company, and we're facing an increasing problem with spam and phishing attempts that utilize seemingly legitimate emailing methods. One of the main issues involves phishing emails that look like PayPal invoices, payment notifications, refunds, or address change alerts. These emails are sent to various email addresses that don't belong to us, yet they still land in our inboxes. The deceptive emails often contain embedded phone numbers and links in the form of notes or invoices. We've attempted to use blacklists, but that also inadvertently blocks legitimate PayPal emails. Our phishing filters aren't effective in preventing these attacks, and it's frustrating to see genuine emails ending up in the spam folder. Has anyone encountered this problem and found a solid solution? I'm also aware that Dropbox's email system can be exploited in a similar way.
3 Answers
Make sure to thoroughly check the email headers. I've noticed a spike in these types of emails lately, and they often come from compromised or trial Office 365 accounts. Keeping an eye on the header details can give you essential insights into preventing them.
First, let’s check if those emails are truly from PayPal’s legitimate servers. I’d recommend blocking any suspicious IPs or hostnames. Plus, enforcing DMARC (Domain-based Message Authentication, Reporting & Conformance) could help filter out fraudulent emails that appear authentic.
I found that some of the phishing attempts I dealt with had recipients BCC'd into the emails. Are you experiencing this as well? A good workaround is to check if the recipient is in the 'To' field instead of BCC—if not, you can quarantine those messages.
Actually, I've confirmed that some of these are from PayPal's real servers. Hackers can customize invoices through their platform, which makes it tricky.
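The header checks suggested in the answers above can be combined into one triage rule. The following is an added example, not code from any poster: it reads the SPF/DKIM/DMARC verdicts from the `Authentication-Results` header stamped by your own mail server and quarantines mail whose envelope recipient is missing from `To`/`Cc`, which still catches invoices that pass DMARC because they come from the real service. The `authserv_id` value, the addresses and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: passes DMARC for the sender domain, but To: names an
# unrelated mailbox (our user was only BCC'd). All values are made up.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=paypal.com;
 dkim=pass header.d=paypal.com; dmarc=pass header.from=paypal.com
From: "service@paypal.com" <service@paypal.com>
To: billing-0419@tenant.example.org
Subject: Invoice from Example Store (0001)

Seller note: call +1 000 000 0000 to dispute this charge.
"""

def auth_results(msg, authserv_id):
    """Return spf/dkim/dmarc verdicts, trusting only headers our own MTA added."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        # Headers with a foreign authserv-id may have been forged by the sender.
        if not value.strip().lower().startswith(authserv_id.lower()):
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            found.setdefault(method.lower(), result.lower())
    return found

def recipient_visible(msg, envelope_rcpt):
    """True if the envelope recipient (RCPT TO) is listed in To: or Cc:."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    listed = {addr.lower() for _, addr in getaddresses(headers) if addr}
    return envelope_rcpt.lower() in listed

def triage(raw, envelope_rcpt, authserv_id="mx.example.net"):
    """Return a delivery decision string for one raw message."""
    msg = message_from_string(raw)
    if auth_results(msg, authserv_id).get("dmarc") != "pass":
        return "quarantine: DMARC not passing"
    if not recipient_visible(msg, envelope_rcpt):
        return "quarantine: recipient not in To/Cc"
    return "deliver"

if __name__ == "__main__":
    print(triage(SAMPLE, "alice@ourco.example"))
```

The envelope recipient has to come from the mail server (the SMTP `RCPT TO` value), since a BCC'd address never appears in the message headers themselves.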