A new phishing campaign is attempting to take over PayPal accounts by impersonating the online payment service. In this unconventional attack method, hackers are tricking users into logging in to their accounts to make a payment. However, this login allows the attacker to take over the account. In the phishing attack, a legitimate feature of Microsoft 365 is used to create a test domain and send emails that appear to be from PayPal. 

Read more: https://www.darkreading.com/threat-intelligence/unconventional-cyberattacks-take-over-paypal-accounts