Email scam spoofs PayPal again; suspected to deliver a phishing attack

Posted by Akankasha Dewan on 16 May 2019 17:12:27 AEST

E-commerce company PayPal has once again been embroiled in an email scam. It is suspected that the email scam spoofing the company is a phishing one designed to harvest confidential details of PayPal users.

First detected on early morning Wednesday, the 15th of May (AEST), the email claims to come from PayPal, with a display name and sending address to match. We found that the cybercriminals behind the email scam are forging the domain, "" when sending the emails.

As of today, the 16th of May, MailGuard has detected that the scam is still hitting inboxes, with a different domain being forged: ''

The email body is pretty short, advising recipients that their PayPal account has been ‘limited’ due to 'suspected and illegal uses'

The recipient is asked to check their account as soon as they can by clicking the button below. Here is a screenshot of the email:

paypal edited


Unsuspecting recipients who click on the link titled ‘Check it Now’ are redirected to a single page, which is currently offline. It is suspected that this would be a Paypal branded phishing page if it was up.

If any recipients did get through to the phishing page, they are vulnerable to having their PayPal account hijacked, their credit card credentials used to make fraudulent purchases and their identity stolen.

While this variation includes official PayPal branding including the logo, it is less sophisticated than other email scams spoofing the company that we have intercepted in the past.  

An unusual subject line and jolted sentence structures (including grammatical errors within the subject body) are hints that the text isn’t the work of a professional. Examples include “Limited your account access due suspected and illegal uses”.

To protect your business against scams like this PayPal phishing email:

  • Beware of emails that contain grammatical or branding errors, but purport to be from reputable organisations.
  • Always hover your mouse over the links contained in emails in order to check their legitimacy – don’t click them unless you are sure they are safe.
  • To ensure safety, type the URL of the organisation you are intending to visit manually into your browser or navigate through Google search to find the correct website before entering your credentials.
  • Be particularly wary of emails asking you to supply personal details that the purported organisation should already know, especially those which ask for credit card or bank account details.

If you are unsure if a PayPal email is legitimate, simply contact the company directly.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs:

One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. 
All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.


Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates



Topics: Xero

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all