Emmanuel Marshall 09 November 2017 17:01:09 AEDT 5 MIN READ

PayPal Brandjacked in New Criminal Email Attack

In the past 24 hours, MailGuard has blocked a new criminal-intent email going after credit card information. With a subject that reads ‘Your PayPal account has been limited,’ this one is designed to look like an admin email from PayPal, but of course it is completely fake.

How Does This Bogus ‘PayPal’ Email Operate?

As you can see in the screenshot below, this bogus PayPal message is trying to make victims believe that their account has been ‘limited temporarily’ and they need to log in to correct the problem.

[Screenshot: ‘Your PayPal account has been limited’ email in Mozilla Thunderbird]

If the message recipient clicks on the link provided, they are sent to a bogus PayPal login page where they are asked to enter their email address and PayPal password.

[Screenshot: page titled ‘Login in to you account’ in Mozilla Firefox]

Although this login page is fake, it is a well-made forgery. The average PayPal user would likely mistake it for a genuine login screen.

Once the victim has been tricked into entering their login details, the scam website directs them to a page where they are asked to ‘update’ their personal information, including their full name, DOB, address and phone number.

[Screenshot: page titled ‘account manage security’ in Mozilla Firefox]

Once the victim has entered their personal details, the bogus site asks for their credit card information, including expiry date, security code and credit limit amount.

[Screenshot: page titled ‘manage security’ in Mozilla Firefox]

By the time the victim has completed this last page, the cybercriminals have acquired enough information to steal their identity and commit credit card fraud against them.

As if to add insult to injury, once the scam website has harvested the victim's sensitive data, it shows the victim a reassuring final screen which tells them ‘congratulations - you have restored your account access’ and redirects them to the real PayPal website to allay any suspicions they might have.

[Screenshot: page titled ‘account manage security’ in Mozilla Firefox]

While the victim is feeling reassured that their account has been secured, the criminals behind the attack are busy exploiting their credit card information and stealing their money.

Because PayPal is such a well-known and trusted brand, many people receiving this scam message would not hesitate to enter their details, and stand to lose large sums of money as a result of their mistake.

MailGuard Customers Were Protected from the Fake PayPal Attack

Fortunately for our clients, MailGuard identified this email scam before it could reach their inboxes and do any harm. As of this morning, no other security services were detecting this threat.

Here at MailGuard, we are seeing criminal-intent emails like this cropping up on a daily basis. Cybercrime of this sort, where cybercriminals create a fake phishing page that looks like it belongs to a well-known company, is known as ‘brandjacking.’ The criminals behind these attacks use the well-known names of big companies to lull their victims into a false sense of security. These attacks have a high success rate for cybercriminals, because they leverage the trust we place in names like PayPal, Netflix and Microsoft to trick victims.

How Can I Tell if the Messages in my Inbox are Legit?

Although brandjacking messages like this one are often very convincing, there are a few tell-tale signs you can look for to identify a criminal-intent email:

  • Generic greetings, such as ‘Dear customer’
  • A sense of urgency: “Ensure your invoice is paid by the due date to avoid unnecessary fees”
  • Bad grammar or misuse of punctuation and poor-quality or distorted graphics
  • An instruction to click a link to perform an action
  • Obscure sending addresses that don’t match the real company’s domain URL

If in doubt, type the web address (URL) directly into your browser rather than clicking the link, or better still phone the company.
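
The sender-domain, link and greeting signs from the list above can be checked automatically. The following Python is an added example, not MailGuard's detection logic; the `BRAND_DOMAINS` allow-list, the function names and the sample message (which uses reserved `.example` domains) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative allow-list of domains the real brand sends from.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}
GENERIC_GREETING = re.compile(r"\bdear (customer|user|client|member)\b", re.I)

class LinkCollector(HTMLParser):
    """Collects the hostname of every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlsplit(href).hostname or "").lower())

def on_domain(host, domains):
    # Exact match or true subdomain only; a substring test would wrongly
    # accept lookalikes such as "paypal.com.login.example".
    return any(host == d or host.endswith("." + d) for d in domains)

def brandjack_signs(raw, brand):
    msg = message_from_string(raw)
    domains = BRAND_DOMAINS[brand]
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    body = msg.get_payload()  # single-part message: payload is a string
    links = LinkCollector()
    links.feed(body)
    signs = []
    if brand in display.lower() and not on_domain(sender_host, domains):
        signs.append("sender-domain-mismatch")
    if any(h and not on_domain(h, domains) for h in links.hosts):
        signs.append("link-off-brand-domain")
    if GENERIC_GREETING.search(body):
        signs.append("generic-greeting")
    return signs

# Constructed sample modelled on the email described in this article.
SAMPLE = """From: PayPal <service@account-notice.example>
Subject: Your PayPal account has been limited
Content-Type: text/html

<p>Dear customer,</p>
<p>Your account has been limited temporarily.
<a href="https://paypal.com.login.example/signin">Log in</a> to restore access.</p>
"""
```

Calling `brandjack_signs(SAMPLE, "paypal")` reports all three signs for the constructed message, while a message sent from and linking only to the allow-listed domain reports none.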


Take Action to Secure Your Inbox Today

For a few dollars per staff member per month, you can protect your business with MailGuard email and web security. You’ll significantly reduce the risk of malicious emails entering your network, and be protected by the most advanced cloud-based security available.
