Division of Financial Services
Financial Information Services
<div>Many in the Cornell community have reported receiving fraudulent emails from PayPal. Please be cautious about responding to requests from PayPal, and vendors like it (Venmo and CashApp). Because the fraudulent request comes from a legitimate platform, we are unable to block these at a broad level, as any attempts to do so might also block legitimate messages.<br><br></div><div>The emails come from paypal.com, and truly are from PayPal. Generally they appear to be a money request, possibly referencing an invoice number. The seller notes will include something like "If you didn't make this purchase, contact support at 1-888..." This is the bad actor's phone number, and is not legitimate PayPal support. Once a victim contacts the number, they're directed to a domain to download remote support software, at which point the bad actor connects to their machine and steals personal information. Banking information has been targeted.<br><br></div><div>The emails may look like this <a href="https://it.cornell.edu/phish/11266">example from the Phish Bowl</a>.</div>
