Daniel McShanag 24 December 2019 10:34:54 AEDT 3 MIN READ

Don’t fall for this new PayPal scam in the holiday rush

On the eve of Christmas and the holiday festive period, a new email phishing scam is arriving in inboxes masquerading as PayPal. The HTML email which claims to come from ‘PayPal Support’ has the subject ‘[Urgent] Account Verification Required’ and it alerts recipients that ‘We noticed some unusual activity’ on your account.


Some effort has gone into crafting this scam, with 23 different phishing links identified by MailGuard, all of which redirect to ‘paypallegally[.]com’, a new domain that was registered at 1AM AEDT by the cybercriminals behind the scam, shortly before the first scam emails began arriving in inboxes.

The email display and sending address, ‘no-replys@paypal-inc[.]com’, closely resemble legitimate PayPal addresses and may easily fool users who don’t take a moment to look more carefully.  

After clicking the ‘Secure my account’ button in the email, users are directed to the first login page where they are prompted for login credentials in the form of an email address and password.


After handing over login details, users are asked to verify that they are the owner of the account by confirming their full name, credit card number, expiration date and CVV.

paypal-scam-pic3-creditcard-01As one final step, users are prompted to enter an SMS verification code. Since the email does not request a mobile telephone number, this suggests that the scammers are using the earlier credentials to access the PayPal accounts.


Despite the technical sophistication of this scam, fortunately there are several grammatical errors that serve as warning signs to hurried holiday shoppers.  

PayPal is a popular target for cybercriminals. With close to 300 million users busily doing their last minute holiday shopping at this time of year, the site is an obvious target for a potentially lucrative email scam.

MailGuard urges all recipients of this email to delete it immediately without clicking on any links.

If you see an email from PayPal, please exercise caution and make sure it is a legitimate communication before you open it. Please share this alert with your social media network to help us make the people aware of the threat.

What to do if you receive a suspicious email

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

Cybercriminals use email scams to infiltrate organisations. All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network. 

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates