According to researchers, emails with malicious attachments significantly rose in the first quarter of 2016 compared to the same time period in 2015.
This rise of email as a vector implies that criminals are shifting away from malicious website infections because web browser security has increasingly improved. Old web plugin standards, like Flash and Java, that used to be gateways for attacks are slowly being phased out. Additionally, built-in safe browsing and anti-phishing mechanisms in browsers are now being implemented.
Due to this change in web browser security, criminals are constantly looking for brand new ways of infecting victims.
One novel way, as security researchers in Proofpoint found out, is by concealing malware within legitimate emails from PayPal, a popular online payment system. If you are a PayPal user, look out!
The scary part about this new method is that the emails are not getting flagged by antivirus and antimalware software because they are authentic emails from PayPal. Proofpoint suspects that attackers are using registered PayPal accounts to execute this scheme. They are exploiting PayPal's feature that allows users to add notes when sending money request emails.