1. PayPal Invoice Phishing: Attackers Bypass DKIM and ARC Validation to Deploy Callback Scams at Scale
A sophisticated callback phishing campaign is exploiting legitimate PayPal invoice infrastructure to bypass email authentication controls and trick recipients into calling attacker-controlled phone numbers. The campaign, observed by security researchers, leverages PayPal's own billing system to generate invoices that p...