Akankasha Dewan 04 October 2019 13:58:07 AEST

Emails purporting to be from PayPal hit inboxes; suspected to contain phishing links

MailGuard has intercepted multiple variations of an email scam impersonating the global online payments system PayPal. Sent via malicious domains originating overseas, these emails contain links that are suspected to harvest users’ confidential details.

Two variations of this scam were detected by MailGuard this morning (AEST), the 4th of October. Both emails use ‘PayPal’ in the display name field.

At the time these were detected, both emails contained links that were not necessarily a threat. However, the links could be updated to point to a phishing page, and it is suspected that they did so in the past.

Here is the first variation:

[Image: PayPal 0410-1-edited]

The body of this email indicates that the recipient’s PayPal account has been temporarily suspended due to an unauthorized transaction request from their account. A link is provided to cancel the unauthorized payment.

Unsuspecting recipients who click on this link are led to a URL shortener which currently redirects to a site that is offline.

Multiple techniques have been employed by the cybercriminals behind this scam to boost its legitimacy. Not only have they incorporated PayPal’s logo, but they have also included the Apple App Store and Google Play logos at the bottom of the email to lend credibility.

Here is the second variation:

[Image: PayPal 0410 edited]

The second example also indicates that unusual activity has been noticed on the recipient’s PayPal account. The message then goes on to state that some of the information on their account appears to be missing or incorrect and asks them to update their information promptly. Unsuspecting recipients who click on the link to ‘resolve now’ are redirected to a foreign language website.

Just like the first example, this email also employs several techniques to motivate the recipient into clicking the link. For example, the footer of this email includes PayPal security and privacy information, in what appears to be an attempt to lend credibility to the email.

In addition, by indicating that their account will be closed within 2 days if users do not update their information, cybercriminals evoke a sense of urgency and panic, further motivating the recipient to take immediate action.

Many of us rely on PayPal as a trusted means of making and receiving payments securely, so naturally, when we receive an email supposedly from PayPal regarding an action required for our account, we would take action.

However, eagle-eyed recipients would notice several red flags that point to the email's illegitimacy. These include spelling errors such as ‘cordialement, PayPal’ and the fact that the emails don’t address the recipient by name.

MailGuard urges email users to remember that cybercriminals prey on the brands that we trust and love, like PayPal, and to always think twice before clicking on any type of link or attachment within an email if they’re uncertain of its legitimacy.

To protect your business against scams like this PayPal phishing email:

  • Beware of emails that contain grammatical or branding errors, but purport to be from reputable organisations.
  • Always hover your mouse over the links contained in emails in order to check their legitimacy – don’t click them unless you are sure they are safe.
  • To ensure safety, type the URL of the organisation you are intending to visit manually into your browser or navigate through Google search to find the correct website before entering your credentials.
  • Be particularly wary of emails asking you to supply personal details that the purported organisation should already know, especially those which ask for credit card or bank account details.
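The display-name and link checks above can also be run automatically at triage time. The following is an added example, not MailGuard's code or part of the original post; the sample message, the shortener list and the brand domain list are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "paypal"
BRAND_DOMAINS = ("paypal.com",)                 # assumption: legitimate sender/link domain
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumption: small illustrative list

# Constructed sample message, not the intercepted email; hosts and path are placeholders.
SAMPLE = """\
From: PayPal <billing@mailer.example.net>
Subject: Your account has been temporarily suspended
Content-Type: text/html; charset="utf-8"

<a href="https://bit.ly/PLACEHOLDER">Cancel payment</a>
<a href="https://www.paypal.com/help">Help</a>
"""

class LinkCollector(HTMLParser):
    """Collect the real destination host of every <a href>, i.e. what hovering shows."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlsplit(href).hostname or "").lower())

def on_brand_domain(host):
    # Exact match or true subdomain only, so "paypal.com.evil.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def triage(raw):
    """Return findings for a single-part HTML message (assumption: no MIME multipart)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    findings = []
    if BRAND in name.lower() and not on_brand_domain(sender_host):  # spoofed display name
        findings.append("display-name-mismatch:" + sender_host)
    links = LinkCollector()
    links.feed(msg.get_payload())
    for host in links.hosts:
        if host in SHORTENERS:        # final destination is hidden and can change later
            findings.append("shortener:" + host)
        elif not on_brand_domain(host):
            findings.append("off-brand-link:" + host)
    return findings
```

Calling `triage(SAMPLE)` flags the sender domain and the shortened link while leaving the genuine paypal.com help link alone.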

If you are unsure if a PayPal email is legitimate, simply contact the company directly.

MailGuard urges all recipients of this email to delete it immediately without clicking on any links.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly-worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network. 