Akankasha Dewan 15 November 2019 15:55:47 AEDT 3 MIN READ

Email scam spoofs PayPal once again; informs users their account access is ‘limited’

E-commerce company PayPal has once again been embroiled in a phishing email scam designed to harvest confidential data of users.

The emails use a display name of 'PayPal', with multiple suspicious domains as the source, including norple.com & mail.paypall.com. They are titled ‘Your account access has been limited’. Interestingly, the ‘To:’ header is missing from the email.

The email body advises the recipient that they have recently limited their account access due to ‘suspected and illegal uses’. To rectify the problem, the recipient is asked to check their account ‘by Clicking the button’ titled ‘Check it now’.

Here is a screenshot of the email:

paypal edited 15

Unsuspecting recipients who click on the button are redirected to a registered domain that appears similar to a legitimate PayPal domain. Currently this site is offline, though the links within the email are still actively redirecting to this domain. It is suspected that this would be a PayPal branded phishing page if it was up.

If any recipients did get through to the phishing page, they are vulnerable to having their PayPal account hijacked, their credit card credentials used to make fraudulent purchases and their identity stolen.

While this email includes official PayPal branding including the logo, it is less sophisticated than other email scams spoofing the company that we have intercepted in the past.  

Jolted sentence structures (including grammatical errors within the subject body) are hints that the text isn’t the work of a professional. Examples include “limited your account access due suspected and illegal uses”.

To protect your business against scams like this PayPal phishing email:

  • Beware of emails that contain grammatical or branding errors, but purport to be from reputable organisations.
  • Always hover your mouse over the links contained in emails in order to check their legitimacy – don’t click them unless you are sure they are safe.
  • To ensure safety, type the URL of the organisation you are intending to visit manually into your browser or navigate through Google search to find the correct website before entering your credentials.
  • Be particularly wary of emails asking you to supply personal details that the purported organisation should already know, especially those which ask for credit card or bank account details.

If you are unsure if a PayPal email is legitimate, simply contact the company directly.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

Is your business receiving criminal intent emails?

It's time to get the protection your business needs. 

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly-worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

Speak to the MailGuard team today to learn more how MailGuard's predictive and advanced email security can help protect your business for a few dollars per staff member per month. 

Talk to a solution consultant at MailGuard today about securing your company's network. 


Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates