Great catch! I would be interested in how scammers keep coming up with these new methods?
How would they even validate their new attack vector? I would like to think that there’s scam A/B testing or something similar…
I suspect that the strategy I've described in my the post (forwarding a signed email with some modified headers) isn't actually new, and that it's just the first time I've looked closely enough to become interested in how it works.
The whole "put a misleading string in the PayPal name field" thing may be new.
> How would they even validate their new attack vector? I would like to think that there’s scam A/B testing or something similar…
I'm curious about that as well. My guess is that there's nothing as sophisticated as A/B tests with measured results going on, but I'd love to learn more.
jamesbvaughan|1 year ago
The whole "put a misleading string in the PayPal name field" thing may be new.
> How would they even validate their new attack vector? I would like to think that there’s scam A/B testing or something similar…
I'm curious about that as well. My guess is that there's nothing as sophisticated as A/B tests with measured results going on, but I'd love to learn more.