Phishing email impersonating PayPal confirms the addition of a new address

Posted by Akankasha Dewan on 13 February 2020 16:57:30 AEDT

E-commerce company PayPal has once again been embroiled in a phishing email scam designed to harvest confidential data of users.

MailGuard intercepted the malicious emails earlier today morning (AEST). Using the display name of 'PayPal', the email infiltrated inboxes with the subject ‘You’ve added new address to your account’. It actually comes from a compromised email account.

The email body includes a PayPal logo. It indicates that a new address has been added to the recipient’s PayPal account and that this email is simply a confirmation email of this fact. At the end of the email, the recipient is advised that if they did not add the address, it is important that they click on a provided link “right away" to ensure no one is getting into their account without their knowledge.    

Here is a screenshot of the email:  


paypal 1302 edited 2

Unsuspecting users who click on the link are taken to a fake PayPal-branded phishing page that asks for their email and password, as per the below:

Paypal 1302_1

Upon ‘logging in’ users are then taken to another page that asks them to update their billing address:

paypal 1302_2

After users have filled in all fields and clicked ‘continue’, they’re taken to one final page that asks them for their credit card details:

paypal 1302_3

If any user did fall victim to this scam, they are vulnerable to having their PayPal account hijacked, their credit card credentials used to make fraudulent purchases and their identity stolen.

We’ve intercepted several phishing email scams spoofing PayPal in the past. Some of these took a contradictory approach to the technique used in this scam. Instead of confirming new activity (like the addition of an address in this case), they informed recipients of ‘unusual activity’ in their accounts. Both types of scams, however, are designed to create panic and confusion among recipients and make them concerned about their account security.

If you are unsure whether a notification you’ve received from PayPal email is legitimate, simply contact the company directly.

Cybercriminals behind this scam have incorporated multiple elements to boost this email’s credibility. These include:

  • use of a major brand name to inspire false trust; using ‘PayPal’ as the display name boosts the email's credibility,
  • inclusion of high-quality branding elements like PayPal’s logo & branding in the login page that are typically present in pages from the company and,
  • an alarming body; informing recipients that they need to click on the link ‘right away’ if they didn’t add an address creates a sense of urgency and anxiety, motivating users to take action immediately without checking on the email’s authenticity.

Despite these techniques, eagle-eyed recipients should be able to spot several red flags that point to the email’s illegitimacy. For instance, the user isn’t addressed directly in the email and the email address used in the ‘from’ field doesn’t contain a PayPal domain.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates



Topics: Phishing PayPal brand exploitation brandjacking fraud spoofing fastbreak

Back to Blog


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all