Breaking: New Paypal Phishing Scam Now Circulating

Posted by Richard Price on 29 February 2016 17:28:19 AEDT

Beware of a new PayPal phishing scam that’s hitting inboxes today.

MailGuard first detected and blocked the scam this morning, however at the time of writing (four hours later), our tests show that mail users with 56 other anti-virus engines are still vulnerable, with those providers yet to detect and block the threat.

This new PayPal email scam encourages users to surrender log-in credentials, credit card details and other personal information, in a similar way to other recent attacks.


The fake PayPal phishing email appears to come from the internet payments giant (although you’ll notice a slight branding inaccuracy of a hyphen used in ‘Support Pay-pal’), informing readers that key security information on their account has been changed and encouraging them to log in to their account using an enclosed link.

Once the user has clicked on the link they are taken to a phishing website, where they are asked to submit their PayPal username and password, before updating various details including personal information and credit card details.

An example of the phishing webpage is shown below:


Vigilant users would be immediately suspicious of a website claiming to be an official PayPal page but whose URL is PayPal would also not ask readers to submit credit card details in the event of your account being compromised.

Protection against phishing emails

To protect yourself against scams like this PayPal phishing email:

  • Beware of emails which contain grammatical or branding errors, but purport to be from reputable organisations.
  • Always hover you mouse over the links contained in emails in order to check their legitimacy – don’t click them unless you are sure they are safe.
  • To ensure complete safety, type the URL it into your browser or navigate through Google search.
  • Be particularly wary of emails asking you to supply personal details that the purported organisation should already know, especially those which ask for credit card or bank account details.

If you are ever unsure if a PayPal email is legitimate, simply contact them directly. You can find more tips on identifying email scams here at the MailGuard blog.

Adding a cloud-based email filtering solution will prevent scams like this PayPal phishing email from reaching your inbox and getting in front of staff.

While other security providers are yet to identify this phishing scam, MailGuard’s cloud technology successfully blocked the threat immediately, in real time.

If you’re experiencing problems, you can speak to a cloud security specialist on 1300 30 44 30 or email

Keep up to date with email scams affecting your business by subscribing to MailGuard’s weekly update.

Keep Informed with Weekly Updates

Topics: Spam Phishing Email Spam PayPal Email Scam

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all