Breaking: Bold PayPal scam phishes for passwords, bank details and ATM pin

Posted by Jaclyn McRae on 20 September 2016 15:50:00 AEST

A brazen new PayPal phishing email attempts to steal a range of private information including ATM pins and credit card details.

The email looks relatively sophisticated at a glance, but has some obvious hallmark of a scam: grammatical errors, awkward sentence structures and oddly-capitalised letters.

By clicking a ‘Confirm my account’, users are directed to a fake PayPal log-in page.

Bold_PayPal_scam_phishes_for_passwords_bank_details_and_ATM_pin_MailGuard1.jpg

The scam attempts to hide the actual phishing site you are visiting by encoding the entire page into the URL field of the browser. While “security.paypal.com” is part of the URL, it bears no relationship to the real PayPal page.

Bold_PayPal_scam_phishes_for_passwords_bank_details_and_ATM_pin_MailGuard2.jpg

However, once there, victims are informed their account can’t be loaded.

Bold_PayPal_scam_phishes_for_passwords_bank_details_and_ATM_pin_MailGuard3.jpg

They’re presented with another link, which leads to a page asking for their PayPal details – including date of birth, address and phone number.

After hitting continue they’re asked to add their credit card information, including expiry date and CSC. The error-ridden page heading: “Confirm your card for shop with PayPal right away” is another giveaway that this isn’t a professional communication sent by PayPal.

Bold_PayPal_scam_phishes_for_passwords_bank_details_and_ATM_pin_MailGuard5.jpg

Next, the phishing scammers get even more brazen. Advising users to ‘Confirm your bank account’, they request details including bank name, account number, password and even ATM pin.

Bold_PayPal_scam_phishes_for_passwords_bank_details_and_ATM_pin_MailGuard6.jpg

Having successfully gathered a huge range of personal and financial information, the cybercriminals advise that the account has been successfully updated, and is now ready for use.

Bold_PayPal_scam_phishes_for_passwords_bank_details_and_ATM_pin_MailGuard7.jpg

No stranger to hoax emails, PayPal offers security advice for people who suspect they’ve received a scam email. PayPal’s tips include these warning signs:

  • Generic greetings, like “Dear user”
  • False links. Hover over a link or tap and hold it on a mobile device to see its destination
  • Wrong, out of date or out of place logos or design
  • Upsetting or urgent statements demanding you react immediately
  • Bad spelling and grammar
  • Requests for financial or personal information

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. 

Our benchmarking shows that MailGuard is consistently 2-48 hours ahead of the market in preventing new attacks.

Find more tips on identifying email scams by subscribing to MailGuard’s blog.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top

Topics: Phishing Cyber Criminals Malware email scam Email Spam Scam PayPal Email Scam PayPal malicious email email fraud brand exploitation

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all