URL: https://blog.checkpoint.com/harmony-email/phishing-through-venmo/

Harmony Email, March 14, 2024


PHISHING THROUGH VENMO

By Jeremy Fuchs, Cybersecurity Researcher/Analyst, Check Point Software

Introduction

Venmo is one of the most popular payment apps in the world. Owned by PayPal,
Venmo is an easy way for friends to send money back and forth. It’s also used by
many businesses, and the app’s social network feature adds another dimension.

In Q3 of 2023, the total payment value on the app was $68 billion, a YoY growth
of seven percent. Further, according to Statista, it is among the top three
payment brands in the US.

It is, however, primarily a US-focused brand, with over 97% of its customers
from the US.

With its popularity in the US (62.8 million active users, or about one in every
five US consumers), scams are bound to happen.

Over the last few years, we have written extensively about how threat actors are
using PayPal for phishing purposes.

There are two types of attacks that are popular: One is a standard spoof of
PayPal. The email does not come from PayPal, but instead looks like it does. The
sender address and links are all different.

The other type actually comes from PayPal. Hackers create accounts in PayPal,
and send invoices directly from PayPal. The email comes from PayPal and any
links come from PayPal. The tip-off in the attack is that the memo box offers a
phone number to call—that number is associated with a scam, and if you do call,
they will try to gather credit card and other personal information.

Now, we’re seeing similar attacks coming directly from Venmo. (Venmo is owned by
PayPal.)

These attacks involve sending payment notifications from Venmo. There is a scam
phone number attached to the email that the threat actor wants you to call.

In this attack brief, Harmony Email researchers will discuss how hackers are
sending invoices from Venmo in the hopes of getting a call back to steal credit
card information.

Harmony Email Researchers notified Venmo of this campaign on February 13th.

Email Example 



The email starts as a notification, directly from Venmo, that the end-user has
paid $99.99 to Coinbase. The user will note that’s not accurate, and, the threat
actor hopes, will call the number listed.

If you Google that number, nothing comes up, and it is not associated with
Venmo, PayPal or Coinbase.

The hacker is hoping that, when you call, you’ll confirm personal information to
“reverse” the charge. This can include credit card information or other banking
info.

Here’s another example.



This purports to come from Norton, but again, the phone number is not associated
with Venmo, PayPal or Norton.

Techniques

The challenge with spotting these attacks is that these emails are not, in and
of themselves, malicious. In fact, in the case of the particular organization
that this was sent to, there’s a significant sender history with Venmo.

Let’s go deeper. The email passes SPF checks and DKIM checks. The link is
legitimate. There is no suspicious text.

It has all the hallmarks of a clean email because it is a clean email. Venmo is
a safe organization and so are their emails.

Like many of these BEC 3.0 attacks, however, it pays to go a little deeper. In
this case, the phone number is a tell for our AI engines. The phone number is
not legitimate, and instead is directed to a number that scammers control.

It’s a small detail. And it’s probably not going to be caught by many services.
But small details count.

This attack also lends itself to further attacks. It uses what we call “phone
number harvesting.” When you call the number listed in the email, they can
easily obtain your number through caller ID. Once they obtain the phone number, they can
carry out further attacks, whether it’s through SMS, WhatsApp or phone calls.
Just one attack—even if not fully successful—can lead to dozens of others.

Best Practices: Guidance and Recommendations

To guard against these attacks, security professionals can do the following:

 * Implement security that uses AI to look at multiple indicators of phishing
 * Implement security with robust URL protection to scan and emulate webpages
 * Implement security that can scan phone numbers in addition to traditional
   indicators of phishing
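
One way to act on the phone-number indicator described under Techniques and in the last recommendation, as an added example that is not Check Point's detection logic: when a message passes SPF and DKIM, extract every phone number from the body and flag any that is not on a list of numbers the organization has verified for that sender. The allowlist, the function names, the sample message and its 555 phone numbers are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed placeholder allowlist: numbers verified out-of-band per sender domain.
VERIFIED_NUMBERS = {"venmo.com": {"+18555550100"}}

# North American numbers; the digit lookarounds skip long IDs such as transaction numbers.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.\-]?)?\(?\d{3}\)?[\s.\-]?\d{3}[\s.\-]?\d{4}(?!\d)")

# Constructed sample modelled on the notification described in the article.
SAMPLE = """\
From: Venmo <venmo@venmo.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=venmo.com; dkim=pass header.d=venmo.com
Subject: You paid Coinbase $99.99

You paid Coinbase $99.99. Transaction ID: 4012345678901234567
If you did not authorize this payment, call +1 (888) 555-0142.
"""

def normalize(raw):
    """Reduce a matched number to +1XXXXXXXXXX form so formatting cannot hide it."""
    digits = re.sub(r"\D", "", raw)
    return "+" + (digits if len(digits) == 11 else "1" + digits)

def auth_passed(msg):
    # Only trust Authentication-Results headers stamped by your own receiving MTA.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return "spf=pass" in results and "dkim=pass" in results

def body_text(msg):
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts if p.get_content_maintype() == "text")

def triage(raw_email):
    """Return (status, unverified_numbers) for one raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    if not auth_passed(msg):
        return ("auth-failed", [])          # handle as ordinary spoofing
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found = {normalize(m.group()) for m in PHONE_RE.finditer(body_text(msg))}
    unknown = sorted(found - VERIFIED_NUMBERS.get(domain, set()))
    # An authenticated sender plus an unverified callback number is the pattern to review.
    return ("review", unknown) if unknown else ("clean", [])

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The check is deliberately independent of sender reputation, because in this campaign the sender, the authentication results and the links are all genuine.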
