Do not pay, do not phone — PayPal attack warning

Getty Images

Updated October 26 with an official statement from PayPal regarding the do-not-pay, do-not-phone hack attack, as well as further advice on how to detect, deflect and deal with such threats.

Gmail users have been warned of a surge in image-based attacks, TikTok users are facing a VIP upgrade offer threat, and Lastpass has urged users not to change their master passwords as a you’ve been hacked email circulates. Now, security experts at KnowBe4 have issued a warning for PayPal users as cybercriminals use a genuine PayPal email address to send an invoice. Paypal itself has responded to this attack with a ‘do not pay, do not phone’ warning. Here’s everything you need to know about the latest scam that could prove costly if you don’t follow the advice given.

ForbesAct Now — Microsoft Issues Emergency Windows Update As Attacks BeginBy Davey Winder

PayPal Invoice Attack — What You Need To Know

The latest PayPal attack warning dropped into my email from the folks at KnowBe4 this week, informing me to be aware of a scam that purports to be from PayPal and is even delivered from a genuine PayPal email address. “You receive an email from a real PayPal email address,” the email warned, which “contains an invoice for a large purchase you did not make, and a phone number for you to call if you want to dispute the charge.”

This may well sound familiar, not least as this type of TOAD attack is something I have detailed before. A Telephone-Oriented Attack Delivery threat usually contains a PDF invoice or other seemingly official document, along with messaging that uses urgency and fear of financial loss to persuade victims to call an adversary-controlled phone number.

Indeed, the actual PayPal version of the TOAD attack is not new either. I have warned again and again of the dangers of this scam. But nevertheless, it would appear, the very same attack is doing the rounds once more.

ForbesLastPass Warns ‘Are You Dead?’ Master Password Hack Attacks OngoingBy Davey Winder

“Cybercriminals create a PayPal account and use it to send you a fake payment invoice,” KnowBe4 warned, “the email you receive is real, but the invoice is not, and if you call the phone number in the email, you will not be connected to PayPal’s support team.” Instead, you get through to a threat actor impersonating a PayPal support worker but whose aim is to relieve you of your credit card details in order to refund you, or even ask for a fee to fix your ‘hacked’ account.

Scammers can “send fraudulent invoices, send fake messages using the involved messaging services, and even insert fake messages in the company’s ‘refund’ feature,” Roger Grimes, KnowBe4’s CISO advisor, said. “This particular scam, involving PayPal, has been around for many years as well. I’m not sure why PayPal isn’t better at detecting and blocking them,” Grimes concluded.

PayPal Responds To The Do Not Pay Attack Warning

Of course, it’s important to remember that such phishing attacks are not unique to PayPal, with many well-known brands targeted by attackers. Although security protections won’t save you from this PayPal attack, as they cannot detect the email as fake, because it isn’t, as far as the origin is concerned, you, as a human being, should be able to save yourself. The hackers still have to phish you, after all. The advice is clear: anyone receiving an unexpected or suspicious invoice or payment request, whether it appears to be from PayPal or another service, should not pay it or respond to it. PayPal tells me it is responding to the continual evolution of scamming tactics and methods, taking all the necessary steps to protect customers. These include a combination of manual investigations and technology to prevent fraud, including taking proactive actions like limiting scam accounts or declining risky transactions. But remember, be careful out there.

Furthermore, PayPal warns customers not to call any phone number, open any attachments or click on any links contained within “suspicious invoices or money request messages.”

Checking your PayPal account directly, not using any links in an email or document you have been sent, to look for suspicious transactions of the type that such phishing campaigns claim, is highly recommended, as this can stop you going any further before you even start.

ForbesSecure Your WordPress Website Now — 8.7 Million Attacks In 48 HoursBy Davey Winder

If you think you may have already been tricked into doing so, and have shared any personal information or account details, then it’s of the utmost importance that you change your PayPal password immediately. If you use this password for any other accounts, and please, please, please do not do that, as it expands your attack surface enormously for obvious reasons, then you must change those as well. Just make sure to use something unique and strong. A password manager is your friend here, as it makes the process of creating and using complex and random passwords, unique to each and every account and service, easy peasy. Enabling two-factor authentication shouldn’t be something that you need reminding of, but I will anyway: so do it if you haven’t already. Better still, switch to using a passkey if the option is available. PayPal also advised that in such circumstances, customers should contact both PayPal itself and the financial institutions concerned.

PayPal has said that it partners with leading consumer protection institutions, such as the Better Business Bureau, American Association of Retired Persons, Federal Trade Commission and the Aspen Institute. PayPal has also launched a Smarter Than Scams campaign with the Financial Technology Association to raise awareness of the latest common fraud trends. I highly recommend taking a look at the PayPal anti-scam resources, even if you think you already know how to spot one.

I approached PayPal for a statement, and a spokesperson told me: “We do not tolerate fraudulent activity on our platform and our teams work tirelessly to protect our customers. We are aware of this phishing scam and encourage people to always be vigilant online and mindful of unexpected messages. If customers suspect they are a target of a scam, we recommend they contact Customer Support directly through the PayPal app or our Contact page for assistance.”

ForbesAct Now — Google Issues New Emergency Update For 3 Billion Chrome UsersBy Davey Winder

The new FM26 graphics engine runs smoothly on Macs

Football Manager 26/Sports Interactive

The beta version of Football Manager 26 is out. The arrival of the new match engine, alongside a slight bump in required specs, might have Mac owners wondering whether the new game will play well on their hardware. Here’s how it performs on a Mac that just scrapes past the recommended requirements.

Football Manager 26 Required Specs For Mac

The minimum required spec for Football Manager 26 on Mac is as follows:

Processor: Apple M1 or Intel Core M

Memory: 4GB RAM

Graphics: Apple M1 or Nvidia GeForce GT 750M or Intel HD Graphics 5000 or AMD FirePro

The recommended spec bumps that up slightly to:

Processor: Apple M1

Memory: 12GB

Graphics: Apple M1

In other words, it looks like you really want to be on any Apple Silicon Mac to get the best chance of running Football Manager 26 smoothly.

The Spec Of My Test Machine

I’ve been testing the game on an M1 MacBook Pro from 2021, so one of the earliest Apple Silicon machines there is. It has the following spec:

Processor: Apple M1 Pro (10-core)

Memory: 16GB

Graphics: Apple M1 Pro (16-core)

So, the test machine is a step above the recommended requirements, but not massively so.

How Does Football Manager 26 Run On The MacBook Pro?

In short, very smoothly. With the move to the enhanced Unity match engine, I was fearful that it would prove too much for the M1 MacBook Pro, or that there would be a lot of lag and stutter during game action. But if anything, the match engine in Football Manager 26 runs more smoothly than the one in Football Manager 2024.

I’ve tested using both an external widescreen display (3,440 x 1,440) and the Mac’s own internal display and the game action has been very slick on both, with very few dropped frames or glitches. Perhaps the more modern graphics engine is better optimized for the Mac’s graphics hardware than its predecessor was.

Likewise, the new in-game UI is relatively slick on the MacBook hardware. There’s a lot of online criticism about the design of the new UI, with many early testers complaining about glitches and poor layout (some of which is justified), but in terms of raw performance it’s slick and responsive.

Occasionally, it takes a while for a screen to draw. The fixtures list is particularly prone to this problem, but having watched streamers such as Kevin Chapman playing on high-end PC hardware, this appears to be a game-wide bug, not an issue that is a result of relatively low-powered graphics hardware.

In short, overall Football Manager 26 performance on a Mac is very impressive. Unless you have a M1 MacBook Air/Mac mini with only 8GB of memory, which is beneath the spec I tested, I’d be confident the game will play on your Apple Silicon Mac without any problems.

Widescreen Support In Football Manager 26

As I mentioned my widescreen display, I thought it was worth touching on widescreen support in Football Manager 26.

There’s a lot of online noise about the game not exploiting widescreen displays, but that’s only partially true. Yes, the game’s main UI does not fully expand to take full advantage of widescreen displays. That means you get blank space on either side of the UI, which goes to waste.

Sports Interactive studio head Miles Jacobson has said he wants to make the new UI fully adaptive in time, but it seems unlikely that’s going to happen in the lifespan of Football Manager 26.

However, the new match engine does stretch right across the expanse of a widescreen display, so you do get a more immersive experience during match highlights. Granted, in-game highlights make up a relatively small proportion of the total time you spend in Football Manager and it is disappointing the main UI can’t take advantage of the extra space, but it’s not quite the case that Football Manager 26 doesn’t offer widescreen support.

Samsung has announced that it’s secured a partnership with Paris’s famed Centre Pompidou museum that will bring no less than 25 of the gallery’s most famous and revered masterpieces to Samsung’s online digital Art Store, enabling Samsung TV owners to download digital versions of the artworks to use as stunning low-power screen savers on their TVs. This being, of course, a far superior solution to your TV just leaving a big black rectangle in your room when you put it into standby.

La Fée électricité by Raoul Dufy is one of 25 masterpieces held at the Centre Pompidou Museum in Paris that’s about to be added to Samsung TV’s Art Store.

Photo: Centre Pompidou

The 25 Centre Pompidou paintings set to join Samsung’s Art Store from November 25 include Frida Kahlo’s The Frame, Piet Mondrian’s New York City, Wassily Kandinsky’s Get-Rot-Blau, Henri Matisse’s La Tristesse du Roi, Raul Dufy’s La Fée électricité and other works from the likes of Marc Chagall, Joan Miro, Yves Klein and Peter Doig. The collection spans more than 100 years of art history, reflecting what Samsung describes as “Pompidou’s role as a living archive of the modern art world.”

The Art Store is available on multiple models in Samsung’s 2025 TV line up, but the “turning a TV into a painting” concept is at its most impressive in the brand’s The Frame and The Frame Pro models. Thanks to such features as remarkably effective anti-reflection matte-finish screens, customisable bezels, flush wall mounts and, in the Frame Pro’s case, external wireless connections boxes so that you don’t have to connect any messy source cables to the TV, the customary differences between TVs and paintings really do get scrubbed away.

The Frame Pros also feature an upgraded “Neo” Quantum Dot LED screen compared with the regular Frame TVs, but experience suggests that the new Pompidou masterpieces will look remarkably life-like no matter which Frame TV you play them on.

Other Samsung TVs that now carry the Art Store and so will be able to access the Centre Pompidou collection include its premium Neo QLED 8K, Neo QLED 4K and even relatively basic core QLED models.

Adding the Centre Pompidou masterpiece collection to Samsung’s Art Store obviously vastly increases the number of people who can enjoy these works of art on a daily basis, without having to physically travel to the museum. There’s an added bonus to the Centre Pompidou collection joining the Samsung Art Store right now, though, since the museum is about to shut its doors for what’s described as a “once-in-a-generation renovation”. So the Art Store will enable art lovers to keep enjoying the museum’s masterpieces in glorious ultra high resolution while we wait for the refreshed Pompidou to open its doors at some point in 2030.

“Centre Pompidou has always stood at the intersection of art and innovation,” says Gaële de Medeiros, Head of International and Economic Development at the Centre Pompidou. “Through this [Samsung] partnership, our collection continues to be seen, shared and lived with, even as our physical space transforms.”

“Art doesn’t lose its power when walls close, it finds new ones,” adds Daria Greene, Head of Content & Curation at Samsung. “Through The Frame [TVs], these works can exist beyond geography, inviting people to experience modern art as part of their everyday lives.”

The new Centre Pompidou’s artworks will join collections already available on the Samsung Art Store from such galleries as The Met, The Tate, the Museum of Modern Art, and the Musée d’Orsay.

—

Related Reading

Samsung 115-Inch Micro RGB TV First Look: Boldly Goes Where No TV Has Gone Before

Samsung Launches Trio Of New Gaming Monitors—Including World’s First 500Hz OLED

Samsung Signs Up Multiple New Global TV Partners For Its Tizen OS Smart System