---
title: "PayPal Email Scam, BreachForums Operators Detained, Hackers Target Airlines | DMARC Report"
description: "PayPal Email Scam, BreachForums Operators Detained, Hackers Target Airlines from DMARC Report explains practical steps for email authentication, domain."
image: "https://dmarcreport.com/og/blog/paypal-email-scam-breachforums-operators-detained-hackers-target-airlines.png"
canonical: "https://dmarcreport.com/blog/paypal-email-scam-breachforums-operators-detained-hackers-target-airlines/"
---
Quick Answer
\_According to the FBI's 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. PayPal Email Scam, BreachForums Operators Detained, Hackers Target Airlines
Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/)
Share
[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fpaypal-email-scam-breachforums-operators-detained-hackers-target-airlines%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=PayPal%20Email%20Scam%2C%20BreachForums%20Operators%20Detained%2C%20Hackers%20Target%20Airlines&url=undefined%2Fblog%2Fpaypal-email-scam-breachforums-operators-detained-hackers-target-airlines%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fpaypal-email-scam-breachforums-operators-detained-hackers-target-airlines%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fpaypal-email-scam-breachforums-operators-detained-hackers-target-airlines%2F&title=PayPal%20Email%20Scam%2C%20BreachForums%20Operators%20Detained%2C%20Hackers%20Target%20Airlines "Share on Reddit") [ ](mailto:?subject=PayPal%20Email%20Scam%2C%20BreachForums%20Operators%20Detained%2C%20Hackers%20Target%20Airlines&body=Check out this article: undefined%2Fblog%2Fpaypal-email-scam-breachforums-operators-detained-hackers-target-airlines%2F "Share via Email")
\_According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses.
> The support tickets we get after a spoofing incident all start the same way: ‘we didn’t know someone was sending email from our domain,’ says Vasile Diaconu, Operations Lead at DuoCircle. DMARC reporting would have caught it weeks earlier. The cost of monitoring is nothing compared to the cost of a successful impersonation attack.
```
DMARC Report
```
PayPal Email Scam, BreachForums Operators Detained, Hackers Target Airlines
```
```
/
```
```
RSS Feed
```
Share
Link
Embed
```
/\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-29256” readonly/>
```
```
Hello people! It’s July already, and we’re here once again with the latest global cybersecurity incidents. The threat actors are getting sophisticated with their approach, one [cyberattack](https://www.grocerydive.com/news/ahold-delhaize-usa-cyberattack-grocery-personal-data-exposed/751971/) at a time. So, you must \*\*stay alert and aware to prevent any kind of potential cyber mishap.
With this intention, we bring to you the first edition of the month. This bulletin involves the details of the latest PayPal scam. We will also focus on how \*\*French police nabbed the BreachForum operators. Lastly, we will discuss how a group of [threat actors](https://www.nbcnews.com/tech/security/us-treasury-says-computers-hacked-chinese-threat-actor-rcna185809) is now targeting airlines and the transportation sector.
Let’s not waste time anymore and jump into the details that matter!
## PayPal scam using real emails to trick users!
If you use **PayPal for receiving and sending funds**, this is something you cannot afford to ignore. A new PayPal scam is doing the rounds. The worst thing is that scammers have managed to carry out this cyberbreach in a highly convincing manner. Even the most aware and vigilant users are falling prey to this latest [PayPal scam](https://www.aol.com/paypal-scam-uses-real-emails-140047370.html?guccounter=1&guce%5Freferrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce%5Freferrer%5Fsig=AQAAAMK5FHibMMg1IowjzzKkkM70EZGqlOrCAl7GNUClD2xIpJHkT6%5FxrRPNUoqtgVH-k1fWhsHo8D%5FMzQxxcbgEi7s4PkgblQZiusKeGveatepY9ES5zIeMdF09W4gBGlM4nz4frqxp5%5Fc6V0KmnHFFl7owoS2A5NrBqORUzToJPS5d).
The cyberattackers are abusing the PayPal domain itself to send out [malicious emails](https://www.securitymagazine.com/articles/100687-the-last-six-months-shows-a-341-increase-in-malicious-emails) that look \*\*100% \*\*real and convincing. You will receive real-life messages through these emails that are too hard to tell apart. _Threat actors are misusing the “money request” or “add address” feature of PayPal to send out real emails from PayPal’s original domain_. Since each of these emails is coming from the real [PayPal domain](https://www.dynadot.com/domain/paypal), they pass through the \*\*authentication checks easily and land in your primary inbox. Also, there are rarely any malicious links added to these emails. All you will get to see is a phone number (the contact number of the scammer). The emails are designed in a way to grab your attention and compel you to take swift action without thinking much.
Once they have sent the first email, it is highly likely that they will follow up by connecting with you while pretending to be someone from the **PayPal support team**. Some emails can also contain a [malicious link](https://www.scworld.com/news/new-usps-text-scam-uses-unique-method-to-hide-malicious-pdf-links) to “ secure your account ”. Eventually, this link will lead you to a fake login page designed to harvest your [login credentials](https://hackread.com/hackers-fake-microsoft-adfs-login-pages-steal-credentials/) and other [personal data](https://www.nytimes.com/2024/12/14/us/cyberattack-rhode-island-ribridges-snap-medicaid.html).
Reddit and other \*\*cybersecurity forums are already buzzing with reports around this ongoing PayPal scam.
## BreachForums operators arrested in France!
The French police claims to have arrested the five main operators of the BreachForum cybercrime forum. Basically, it was a website where threat actors used to leak as well as sell stolen data.[ Le Parisien ](https://www.leparisien.fr/high-tech/la-police-interpelle-cinq-hackers-francais-de-haut-vol-derriere-un-celebre-forum-de-vol-de-donnees-25-06-2025-QJTPFTDPQZAP7B25MF24YLHU6E.php)claims that a [law enforcement](https://abcnews.go.com/Politics/law-enforcement-groups-sound-alarm-potential-dhs-intel/story?id=123451544) operation was conducted by **BL2C**, the cybercrime unit in Paris, this Monday. The \*\*Paris police department managed to raid different regions such as [Seine-Maritime](https://en.wikipedia.org/wiki/Seine-Maritime), Hauts-de-Seine, and Réunion. _During the raids, the police nabbed four hackers who were popular online as “Noct,” “Hollow,” “Depressed,” and “ShinyHunters.”_ The police department has claimed that the 5th operator, “[IntelBroker](https://www.teiss.co.uk/news/british-hacker-intelbroker-charged-in-us-for-multimillion-dollar-global-data-theft-scheme-15991),” has already been arrested back in February 2025.
The original [BreachForums](https://cryptorank.io/news/feed/d178c-intelbroker-indicted-british-national-faces-charges-for-25m-data-breach-on-breachforums) community shut down in 2023 after its operator, **Conor Brian FitzPatrick**, also known as Pompompurin , was arrested. The 2.0 BreachForums was launched by other active members of the original community. These five operators are accused of being involved in major data breach instances against France Travail, the [French Football Federation](https://www.euronews.com/2025/06/30/stop-this-massacre-french-football-union-blasts-club-world-cup-and-fifa-over-player-welfar), and [SFR](https://euroweeklynews.com/2025/06/17/sfr-network-crash-puts-france-offline/).
The BreachForums V2 was forced to go offline \*\*back in April 2025 after someone managed to exploit the site, leveraging a MyBB [zero-day vulnerability](https://www.trendmicro.com/vinfo/in/security/definition/zero-day-vulnerability). Since then, it has been offline.
## FBI and cybersecurity firms claim a specific hacking group is targeting airlines and the transportation sector!
Scattered Spider, a hacking group, is currently targeting the **airlines and transportation sector**. Experts like [Mandiant](https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations) and the security research division [Unit 42](https://unit42.paloaltonetworks.com/muddled-libra/) also claimed to have witnessed Scattered Spider’s attempts to target the airline industry. The FBI and [cybersecurity](https://dmarcreport.com/blog/how-to-educate-or-train-employees-on-cybersecurity/) firms are urging airlines and the transportation sector to implement [DMARC](https://dmarcreport.com/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/) protocols to defend against escalating email-based threats.
_This is a group of mainly English-speaking hackers, specifically young adults and teenagers._ Their primary goal is to steal and extort personal data from company networks. They are well-versed in their hacking techniques, such as phishing, [social engineering](https://www.computerweekly.com/news/366580938/More-social-engineering-attacks-on-open-source-projects-observed), [ransomware deployment](https://www.darkreading.com/threat-intelligence/3am-ransomware-adopts-email-bombing-vishing), and subtle threats.
FBI believes that hackers can target anyone and everyone who comes under the airline ecosystem . WestJet, [Canada’s second-largest airline](https://www.dailyexcelsior.com/canadas-second-largest-airline-suspends-nine-us-routes-media/), as well as [Hawaiian Airlines](https://www.usatoday.com/story/travel/news/2025/06/26/hawaiian-airlines-reports-cybersecurity-event/84376414007/), have already been targeted by threat actors in recent times. However, it is yet not clear whether or not Scattered Spider is behind both of these cyberattacks. Media [reports](https://www.bleepingcomputer.com/news/security/scattered-spider-hackers-shift-focus-to-aviation-transportation-firms/), though, claim that the [WestJet attack](https://www.msn.com/en-us/travel/news/westjet-investigating-possible-cyberattack-make-sure-your-data-is-safe/ar-AA1GP63s?apiversion=v2&noservercache=1&domshim=1&renderwebcomponents=1&wcseo=1&batchservertelemetry=1&noservertelemetry=1) was carried out by the **Scattered Spider group**.
Apart from airlines, [Scattered Spider group](https://www.news18.com/world/what-we-know-about-scattered-spider-the-group-behind-airline-cyberattacks-ws-l-9419238.html) is also eyeing the transport industry, insurance sector, and the **UK retail sector**. _Before this shift in interest, Scattered Spider used to hack into the networks of casinos, technology giant,s and hotel chains_.
## Topics
[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ News ](/tags/news/)[ SPF ](/tags/spf/)
[ Brad Slavin ](/authors/brad-slavin/)
General Manager
Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.
[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin)
## Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free - no credit card required.
[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/)
## Related Articles
[ Foundational 4m Adidas Data Breach, Whatsapp Image Threat, Silent Ransom Vishing May 29, 2025 ](/blog/adidas-data-breach-whatsapp-image-threat-silent-ransom-vishing/)[ Foundational 4m Africa Fights Cybercrime, Attention Farmers Customers, Apple Prevents Threats Aug 28, 2025 ](/blog/africa-fights-cybercrime-attention-farmers-customers-apple-prevents-threats/)[ Foundational 4m AI Scam Alert, Federal Cuts Vulnerability, American Tire Cyberattack Sep 9, 2025 ](/blog/ai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack/)[ Foundational 4m Akira flaunts victims, Idaho targets orthodontist, AI granny protects Nov 22, 2024 ](/blog/akira-flaunts-victims-idaho-targets-orthodontist-ai-granny-protects/)
```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```
```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```
```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"PayPal Email Scam, BreachForums Operators Detained, Hackers Target Airlines","description":"PayPal Email Scam, BreachForums Operators Detained, Hackers Target Airlines from DMARC Report explains practical steps for email authentication, domain.","url":"https://dmarcreport.com/blog/paypal-email-scam-breachforums-operators-detained-hackers-target-airlines/","datePublished":"2025-07-04T08:29:35.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2025-07-04T08:29:35.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://dmarcreport.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/paypal-email-scam-breachforums-operators-detained-hackers-target-airlines/"},"articleSection":"foundational","keywords":"dkim, DMARC, News, SPF","wordCount":1125,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"PayPal Email Scam, BreachForums Operators Detained, Hackers Target Airlines","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```
```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"PayPal Email Scam, BreachForums Operators Detained, Hackers Target Airlines","item":"https://dmarcreport.com/blog/paypal-email-scam-breachforums-operators-detained-hackers-target-airlines/"}]}
```