A fake website designed to mimic the official PayPal site is being used in a ploy to steal recipients’ log-in details and credit card information.
A fake website designed to mimic the official PayPal site is being used in a ploy to steal recipients’ log-in details and credit card information.
Being blocked by MailGuard today, the scam tells recipients their PayPal access has been ‘limited’ until they update their account details.
The cybercriminals claim the restriction is because the account holder has violated their agreement with PayPal.
The email includes an authentic-looking ‘Case ID Number’ and tells recipients they have two days to restore their account, via an ‘Update Now’ button.
An unusual subject line, jolted sentence structures and the failure to capitalise the first words of sentences are hints that the text isn’t the work of a professional.
Those who click the button are directed to the apparently-compromised domain of a French-Canadian singer. The page has a PayPal logo and requests a user name and password.
Those who input their information have unknowingly handed over their PayPal login details to the scammers. Victims are then greeted with a second page asking them to update their account information.
Next, victims asked to input credit card details, including security code.
Note that the progress bar at the top of the page remains static at 30%.
Those who fill out the form and hit ‘Save’ have unwittingly given cybercriminals free reign over their credit card.
Next, a ‘success page’ tells the recipient they have successfully restored their account access.
Eagle-eyed readers may spot some sloppy spelling and grammar – the hallmarks of most phishing scams. ‘Your have restored your account access’ and an uncapitalised ‘re-login’ button are examples.
When users click ‘re-login’, they’re taken to the legitimate PayPal site. Unsuspecting users may never realise they have been scammed.
Protection against phishing emails
To protect your business against scams like this PayPal phishing email:
- Beware of emails that contain grammatical or branding errors, but purport to be from reputable organisations.
- Always hover your mouse over the links contained in emails in order to check their legitimacy – don’t click them unless you are sure they are safe.
- To ensure safety, type the URL of the organisation you are intending to visit manually into your browser or navigate through Google search to find the correct website before entering your credentials.
- Be particularly wary of emails asking you to supply personal details that the purported organisation should already know, especially those which ask for credit card or bank account details.
If you are unsure if a PayPal email is legitimate, simply contact the company directly.
Find more tips on identifying email scams by subscribing to MailGuard’s blog.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.
