Security Updates: PayPal Account Profile Scam & TP-Link Router Vulnerability

There are two recent security threats everyone should be aware of, especially given their potential impact. They target anyone with a PayPal account and anyone who has a TP-Link router. Together these groups make up a very large community, which is why the threats are being shared here, and the potential impact grows with the number of people who fall into one or both categories.

This post discusses what both threats are as well as what you need to know to protect yourself from them.

PayPal account profile scam

A new phishing campaign is targeting people who have PayPal accounts. The scam begins with an email whose sender address has been spoofed so that the recipient believes it actually came from PayPal. This differs from other scams we have discussed, where we break down the sending email address and show all the ways you can tell it is not from who it purports to be, for example a domain that is spelled slightly wrong or that ends in a different country code instead of .com.

Always use caution when opening emails that you are not expecting.

When an email address is spoofed, the message looks like it was sent by the company it claims to be from. In this case, the sending address shown is a legitimate PayPal address; the message simply was not created by PayPal. Instead, the attackers are "spoofing" the legitimate address to trick you into believing it is a genuine PayPal email.
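As an added example (not part of the original post), here is a defender-side check for the spoofed-sender technique described above. Because the visible From address is a real PayPal address, the reliable tell is the receiving mail server's own SPF/DKIM/DMARC verdict recorded in its Authentication-Results header; both sample messages, the From address and the authserv-id mx.example.net are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample: the visible From is a real-looking PayPal address, but the
# receiving server (authserv-id mx.example.net) recorded SPF/DKIM/DMARC failures.
SPOOFED_MSG = """\
Authentication-Results: mx.example.net;
 spf=fail (sender IP is 203.0.113.7) smtp.mailfrom=bulk-mailer.example;
 dkim=none; dmarc=fail (p=REJECT) header.from=paypal.com
From: "PayPal" <service@paypal.com>
Subject: Action required: set up your account profile

A pending charge of $987.00 needs your attention. Call 555-0100 to dispute.
"""

# Constructed sample of a message that authenticates cleanly for the same From.
LEGIT_MSG = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=paypal.com; dkim=pass header.d=paypal.com;
 dmarc=pass (p=REJECT) header.from=paypal.com
From: "PayPal" <service@paypal.com>
Subject: Your receipt

Thanks for your payment.
"""

RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def auth_results(raw_message: str, authserv_id: str) -> dict:
    """Parse the Authentication-Results header written by our own server.
    A header from another authserv-id (or none) is ignored, since senders can forge one."""
    header = message_from_string(raw_message).get("Authentication-Results", "")
    if not header.strip().lower().startswith(authserv_id.lower()):
        header = ""
    found = dict(RESULT_RE.findall(header.lower()))
    results = {m: found.get(m, "missing") for m in ("spf", "dkim", "dmarc")}
    m = re.search(r"header\.from=([\w.-]+)", header, re.I)
    results["header_from"] = m.group(1).lower() if m else ""
    return results


def is_suspected_spoof(raw_message: str, authserv_id: str = "mx.example.net") -> bool:
    """True unless DMARC passed for a domain aligned with the visible From."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    r = auth_results(raw_message, authserv_id)
    return r["dmarc"] != "pass" or r["header_from"] != from_domain
```

Only the Authentication-Results header stamped by your own receiving server is meaningful; inbound copies claiming another authserv-id are treated as absent, so an unauthenticated message is flagged rather than trusted.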

The email subject encourages the user to configure their account profile, but the body says something quite different. Alongside the request to set up your profile, it mentions a recent pending charge of nearly $1,000 and gives a phone number to call to dispute it.

What you need to know: The actual scam begins if you click the link to "set up your account profile". Once someone clicks it, the attacker works to get secondary accounts added to the victim's PayPal account, which would allow them to drain funds by issuing payments.

How you can protect yourself: As with all phishing scams, if you do not open the email, click any of its links or call the numbers it lists, you should be reasonably safe. If you receive an email like this, do not use any of the information in it to follow up: do not reply, click any links or call any numbers in the message. If you are concerned, find a legitimate number for the business and call that instead, and ask whether they sent you an email notice before doing anything else. Most of the time, genuine information like this arrives through a more legitimate channel.

The most important things you can do are to remain calm and not let fear tactics trick you into clicking something you shouldn't. If you are still unsure, follow up in a safe way: locate the contact information published by the actual company and reach out through one of the channels they list.

TP-Link router vulnerability

The second security threat comes via physical hardware: your router. This threat targets older TP-Link routers. TP-Link is a popular router brand for home users and may even be supplied by your Internet Service Provider (ISP). Again, the large number of people who potentially have a TP-Link router is likely why it was targeted; the larger the potential community, the better the odds attackers have of accessing information they should not.

The currently known at-risk models are end-of-life products, meaning they would not normally receive updates to address threats like this any longer. However, TP-Link has released an update for these end-of-life models anyway, to help protect people from the vulnerability.

The known affected models are:

  1. Archer C7
  2. TL-WR841N/ND

What you need to know: This threat specifically targets TP-Link routers, so if your router is not that brand, there is nothing for you to worry about from this threat. Keep in mind that ISPs can distribute hardware to you after "rebranding" it, so make sure you are positive the router is not a TP-Link.

Additionally, this specific threat is targeted at Microsoft 365 account credentials. It is always important to use a unique and strong password for all accounts. This is especially true of email accounts used to recover other accounts.

Also, it is likely already required, but if not, be sure to enable multi-factor authentication on your Microsoft account. The same applies to any account you create: the more steps it takes, the harder it is for someone else to gain unauthorized access. What you don't want to be is the person making it easy to break into your accounts. Lastly, never approve multi-factor prompts you DID NOT initiate. This cannot be stated strongly enough: if you get prompts to authenticate and you did not initiate them, someone else is likely trying to access your account.

How you can protect yourself: If you have a TP-Link router, regardless of its age and whether or not its model appears in the list above, log into it and install any available updates immediately. Additionally, if there is any question at all that your Microsoft 365 credentials have been compromised, change your password immediately.

Be sure to do this from outside the network served by the potentially compromised TP-Link router. That means using your phone while it is off Wi-Fi, or doing it somewhere other than where a TP-Link router is managing the network traffic.

Both of these threats are dangerous, especially when you are not aware of them. The PayPal scam uses email phishing and tries to make you act quickly without thinking by citing a high dollar amount. The TP-Link vulnerability attacks hardware you may already have in your home and would never suspect. Always proceed slowly when you receive unrequested emails, and install updates on hardware and software wherever possible to best protect yourself.

As always, the time you put in up front pays in great dividends of protection when it comes to technology!