Another day, another PayPal email scam.
MailGuard have intercepted and blocked two further variations of this age-old phishing scam targeting PayPal users.
Here are screenshots of the latest variations we have observed.
‘Confirm Your Mailing Address’ Fake Email – Variation 1
As you can see in the example above, the fraudster has forged the sender address to match the purported sender’s legitimate domain - this email appears to originate from, ‘firstname.lastname@example.org’.
This variation includes official PayPal branding including the PayPal logo and email signature text. Compared to similar, less convincing PayPal email scams we have reported on, this is a realistic attempt to mimic official brand communication.
Users are prompted to “confirm [their] mailing address” to remove the limitation on their account.
Upon clicking the “confirm my address” button, the user is directed to the hoax login page you see below.
This is an exact rip of the official PayPal login page – the non-legitimate URL in the address field is the only factor eluding to its inauthenticity.
This login page forms the foundation of this identity theft scam. The user is required to enter their email address and password to access their account – a backend script communicates the victim’s login credentials to the cyber criminals upon submit.
But wait, there’s more…
The user is redirected to the above information verification form.
The cybercriminals intend to lure the victim into completing the entire form to gain access to:
- Their PayPal account and any associated accounts that share the same username and password combination.
- Residential information which can be sold to telemarketers, or segmented by other cyber criminals into lists that can be targeted when orchestrating future attacks (that’s right, you’re signing yourself up for future attacks!)
- Their credit/debit card information to be used for fraudulent online (and offline) purchases.
- Security information (NAB card limit, Mother’s maiden name, Medicare card) which can be used to fraudulently gain access to a number of related accounts (bank accounts, government issued accounts).
Upon completion, the user is redirected to a legitimate PayPal login led to believe that there may have been a bug in their failure to verify their account.
‘Unauthorized Logon Attempts’ Identity Verification – Variation 2
As you can see in the example above, the sender, purporting to be “PayPal”, requires the recipient to verify their identity.
The cybercriminal has hyperlinked a legitimate PayPal destination URL to fool the user into believing they are clicking on an official PayPal confirmation link.
The victim arrives on the landing page above. Again, the obvious giveaway of this attempt is the non-legitimate URL in the web address field.
The form requires the target to “verify [their] account” by entering a number of personal residential details. Upon clicking the continue button they are directed to a classic credit/debit card identity theft attempt as you can see below.
The user is prompted to complete the form to verify and secure their PayPal account.
PayPal users have been hit particularly hard by fraudulent identity verification scam emails.
As a precaution, we urge you to immediately delete emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purported to be sent from. If you are ever unsure of an email that requires you to log into your account, head to the official website of the alleged sender to access your account.
PayPal offers a comprehensive online resource to help identify and report email scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report PayPal phishing scams, by emailing them at email@example.com.
Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Compliment this multilayered defence with on premise antivirus, anti-malware and anti-spyware solutions. This will go a long way to mitigating the risk from a wide range of email scams.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.