What happened
Threat actors are abusing legitimate-looking invoice emails referencing Apple and PayPal to lure recipients into phishing pages and steal credentials or financial information. According to the report, the campaign uses real invoice styling and logos from Apple and PayPal to convince targets that they have outstanding charges or pending payment disputes, prompting them to click links purportedly to view or resolve the invoices. These links direct recipients to fraudulent websites that imitate login portals or payment review pages, where users are asked to enter account credentials, payment card details, or other sensitive information. Because the messages are crafted to resemble official billing communications and often include legitimate branding elements, recipients may be more likely to trust and interact with the content. The activity reflects a trend in which cybercriminals blend authentic corporate email formats with deceptive URLs to increase phishing success rates.
Who is affected
Recipients of the spoofed Apple and PayPal invoice emails are affected, as engaging with the embedded links and entering credentials or financial details can result in theft of account access or payment information.
Why CISOs should care
Invoice-themed phishing that leverages trusted brands like Apple and PayPal underscores ongoing risk from social engineering tactics that capitalize on brand recognition to harvest credentials and financial data.
3 practical actions
- Block known phishing domains. Update security filters to detect and prevent access to the fraudulent invoice sites.
- Educate users on invoice scams. Inform employees that unsolicited invoice notifications can be phishing attempts.
- Monitor for credential misuse. Watch for unusual login attempts from accounts associated with phishing replies.
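
One way a mail filter could flag the pattern described above, where an invoice-themed message names Apple or PayPal but links to a host outside that brand's domains. This is an added example, not code from the report; the `BRAND_DOMAINS` map, the keyword list, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: each brand's legitimate domains; extend this map for your environment.
BRAND_DOMAINS = {"apple": ("apple.com", "icloud.com"), "paypal": ("paypal.com",)}
INVOICE_WORDS = re.compile(r"\b(invoice|receipt|payment|charge|dispute|billing)\b", re.I)
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.I)

# Constructed sample messages (not real campaign data); example.test is a placeholder.
SAMPLE_PHISH = '''\
From: "PayPal Billing" <service@billing-review.example.test>
Subject: Invoice awaiting payment
Content-Type: text/html; charset=utf-8

<p>You have an outstanding charge.</p>
<a href="https://paypal.com.billing-review.example.test/review">View invoice</a>
<img src="https://www.paypal.com/logo.png">
'''
SAMPLE_LEGIT = '''\
From: service@paypal.com
Subject: Your receipt
Content-Type: text/plain; charset=utf-8

View your payment at https://www.paypal.com/activity
'''

def _host(url):
    try:
        return (urlparse(url).hostname or "").rstrip(".")
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return ""

def _body_text(msg):
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def suspicious_links(raw_email):
    """Return sorted (host, brand) pairs: invoice-themed mail naming a brand but linking off its domains."""
    msg = message_from_string(raw_email)
    text = " ".join([msg.get("From", ""), msg.get("Subject", ""), _body_text(msg)])
    brands = [b for b in BRAND_DOMAINS if re.search(rf"\b{b}\b", text, re.I)]
    if not brands or not INVOICE_WORDS.search(text):
        return []
    allowed = tuple(d for b in brands for d in BRAND_DOMAINS[b])
    hosts = {_host(u) for u in URL_RE.findall(text)} - {""}
    bad = [h for h in hosts if not any(h == d or h.endswith("." + d) for d in allowed)]
    return sorted((h, b) for h in bad for b in brands)
```

The phishing sample still loads its logo from the genuine brand domain, so the check compares every linked host rather than trusting any single one. The comparison is by exact match or dot-prefixed suffix, so a host that merely begins with the brand's domain is still flagged.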
