The PayPal email scam is very similar to one of many campaigns we identified last year, attempting to gain access to your log-in credentials, credit card and bank account details.
Readers should be on the lookout for an email similar to this sample:
As you can see, the PayPal phishing email appears to originate from the online payment company, informing readers that they need to update their account details in order to allow continued access to the service.
Vigilant users would be immediately suspicious of an email which contains a range of grammatical errors, including “Please take a moment to update your account informations”, but purports to come from a reputable organisation.
Once the reader clicks the blue button, a new webpage opens which is a direct replica of an official PayPal log-in page:
As you can see, the URL is clearly suspicious and contains no direct reference to PayPal.com. The user is asked to submit their email address and password, before clicking the blue “Log in” button, which directs them to the below page:
Here the recipient is told that access to their account has been suspended as a result of unusual recent transaction activity. By pressing ‘Continue’ and updating their account details, access will supposedly be resumed.
The next page of this PayPal email scam requests that the user submit a range of personal information, including their full name, date of birth, address and zip code, before pressing ‘Next’.
Here the user is then directed to provide a range of payment details, including their credit card number, expiry date and security number, before continuing:
The following page then asks for the user’s bank account details, before confirming that account restoration has been successful and redirecting to the official PayPal homepage, giving the impression that the process has successfully completed.
Meanwhile, cyber criminals now have access to a range of personal details that can be used to steal your identity:
- Your full PayPal account details
- Your credit card and bank account details, used to make purchases or appropriate funds
- A range of other personal information including your name, date of birth and address.
How to prevent phishing scams from damaging you
To protect yourself against scams like this PayPal phishing email, be on the lookout for emails which contain grammatical errors, but purport to be from reputable organisations.
You should also avoid clicking on links contained within the body of emails, but instead type the address into your browser or navigate through Google search. You can also hover your mouse over the link to check if the URL is legitimate.
Be particularly wary of emails asking you to provide personal information that the purported organisation should already have access to, particularly those which ask for bank account or credit card details.
If you are ever unsure if PayPal is contacting you, simply contact them directly.
For more great tips on identifying email scams, be sure to read and share our blog Don’t Click That! Your Guide To Cyber-attacks And Tips For Being Cyber Safe Within Your Business.
Adding a cloud-based email filtering solution will also prevent threats like this PayPal phishing scam from reaching you in the first place, by identifying and blocking malicious emails in real time through the cloud.
By combining cloud-based security with your on-premise anti-virus solutions, you will create a 365-degree approach to cyber security to protect your business against the latest phishing and spam variations.