Global online payments system PayPal is once again the subject of a multi-staged phishing email scam.
Titled “Suspicious Login Activity”, the email uses the display name “Service”, and includes PayPal’s logo and branding. However, the email address used in the “From” field doesn’t use a domain belonging to the company. It actually originates from a compromised mail security service.
The email body is designed to look like a transaction alert, containing details of a recent payment, including the transaction ID number and amount transferred. If users “don’t recognize this transaction”, they are directed to claim a refund and are informed their account has been “temporarily suspended” until their identity can be confirmed.
Here’s what the email looks like:
Unsuspecting recipients who click on the link are led to a fake PayPal-branded login page. This is a fairly accurate representation of the actual PayPal login page, and is professionally polished. The domain used in the page’s URL, however, doesn’t belong to the company, which is a huge red flag that should point to the page’s illegitimacy. This page is actually hosted on a compromised website.
Upon “logging in”, users are led to a page informing them that their “access to sensitive account features will be limited”. This page includes support information like users’ Case ID and steps detailing how they can get their account access restored, as per the below:
Once users click “continue”, they are led to similar pages asking them for their personal details like address, bank account & credit card numbers. As you can see below, all of these also employ PayPal’s branding elements:
Once users enter and submit the above fields, the attacker harvests the details for later use. After being shown the below "Thank you" page, users are redirected to PayPal’s actual website:
If any user did fall victim to this scam, they are vulnerable to having their PayPal account hijacked, their credit card credentials used to make fraudulent purchases and their identity stolen.
We’ve intercepted several phishing email scams spoofing PayPal in the past. While some similarly claimed to have detected unusual activity in users’ accounts, others took a different approach and claimed to confirm the addition of a new address to their accounts. Most of these scams, however, are designed to create panic and confusion among recipients and make them concerned about their account security.
Being a widely used and trusted online payments service supporting a plethora of online stores, PayPal is a popular target for cybercriminals, especially as more users shop online due to the closure of many physical stores during the COVID-19 pandemic. Many of us rely on PayPal as a trusted means of making and receiving payments securely, so naturally, when we receive an email supposedly from PayPal regarding an action required for our account, we would take action.
To trick recipients into falling for this scam, cybercriminals have incorporated multiple elements. These include:
Despite these techniques, recipients should be able to spot several red flags that point to the email’s illegitimacy. For instance, the user isn’t addressed directly in the email and the email contains clumsy wording.
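Two of the red flags described above, a “From” address outside the company’s domain and a link that leads to a non-company domain, can also be checked mechanically. The following is an added example, not MailGuard’s detection logic: the sample message, its addresses and domains are constructed, and the `BRAND_DOMAINS` allow-list is an assumption.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains treated as belonging to the brand (extend for your own allow-list).
BRAND_DOMAINS = {"paypal.com"}
BRAND_RE = re.compile(r"paypal", re.I)
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.I)

# Constructed sample modelled on the email described in this post (not a real capture).
SAMPLE = """\
From: Service <alerts@mail-filter.example>
To: user@corp.example
Subject: Suspicious Login Activity
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>PayPal: if you don't recognize this transaction,
<a href="https://compromised-site.example/paypal/login">claim a refund</a>.</p>
<p><a href="https://www.paypal.com/help">Help</a></p></body></html>
"""

def in_brand(host):
    # True only for the brand domain itself or a subdomain of it.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def red_flags(raw):
    # Return the mismatches between the brand a message claims and the domains it uses.
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rpartition("@")[2]
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    # Only messages that present themselves as the brand are checked.
    claims_brand = bool(BRAND_RE.search(display + " " + text))
    if not claims_brand:
        return []
    flags = []
    if not in_brand(sender_domain):
        flags.append(f"sender-domain-mismatch:{sender_domain}")
    for url in HREF_RE.findall(text):
        host = urlsplit(url).hostname
        if host and not in_brand(host):
            flags.append(f"link-off-brand:{host}")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```
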
To protect your business against scams like this PayPal phishing email:
If you are unsure whether an email notification you’ve received from PayPal is legitimate, simply contact the company directly.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to open or click on it.
Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.
As a precaution, MailGuard urges you not to click links within emails that:
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.