Paypal Phishing is probably one of the most frequent scam attempts by phishing
Many people have been abused by a phishing scam using the name of Paypal. Keep in mind that PayPal will never ask for your credit card number via email. If you receive such an email, it’s certainly a phishing attempt, even if the e-mail may seem true.
How does the phishing scam using Paypal work?
- First, the scammers send you an e-mail pretending to be Paypal
- Under the pretext of security reasons, the scammers ask you to click a link to proceed to verification or to solve a problem.
- This link directs you to an imitation of the official site where you will be asked to confirm your credit card number or your bank information. The fake website is generally a quite good imitation of the legitimate site.
- Unfortunately, the information you provide by filling out a form or simply by sending an email does not arrive to Paypal but to the scammers who can now debit your account, usually by shopping with your money.
Paypal (the real one) having the possibility to make moves on your bank account, people are even more sensitive to an email alerting them about a risk of fraud. In addition, PayPal’s operating rules are not always well known and you would think it is not unusual to receive such email from them.
How to confirm the e-mail you received is a phishing attempt?
- Check that the e-mail address of the sender is finishing by “paypal.com” or paypal.”your country”. If “Paypal” is not in the e-mail address, or not located just before the extension (.com, .co.uk, …), then again it is probably a scam. For instance the e-mail address firstname.lastname@example.org is NOT coming for the official company.
- Very simple thing to check, Paypal will always begin their e-mails with your first name and your last name. If an email begins with “dear costumer” or “dear member” or something similar, then it is probably a scam.
- The link you are invited to click, is NOT redirecting you to an official website
Your account has been limited
This scam is very common and you will face this phishing scam attempt one day or another. Usually, the title of e-mail you receive is something like “Your account has been limited” as seen in the example below. Funny thing in this example is that the scammer has changed the bottom of the e-mail to let you think that it is normal to receive an email beginning with “dear customer”.
2 more examples
For these 2 examples, the text has been extracted :
Notice of Policy Updates
Some information on your account appears to be missing or incorrect.
Please update your information promptly so that you can continue to enjoy all the benefits of your PayPal account.
If you don’t update your information within 3 days, we’ll limit what you can do with your account.
If you need help logging in, go to our Help Center by clicking the Help link located in the upper right-hand corner of any PayPal page.
Please Secure your account
We identified several unacceptable intrusion attempts on your account online, someone tried to access your account from mini iPad named “enric ipad”.
Ipad adress ip: 220.127.116.11
Date: March: March 23, 2015.
This is the last reminder to log in to Paypal as soon as possible.
Paypal will provide measures to restore access to your account:
We hope now you are all aware of such phishing techniques and we hope you can avoid them.
4 thoughts on “Paypal Phishing”
I posted a classified on Craiglist and 4 people contacted me by SMS with paypal payment request. They all requested responses by e-mail only, urgently, with spelling mistakes. They all sent an e-mail with a fake paypal link : email@example.com
I even received a call from a guy with a strong African accent! Be careful, Paypal never sends any transaction confirmation email !!!!
the Paypa.com website (without the last l) is still in service and allows us to win an iPhone but you have to pay for shipping costs …
In the same way, I sent a leather jacket worth $180 € + $31 shipping and I’m still waiting for payment via paypal. I received an email asking me to buy for $250 of coupons to activate my account, which I did not do.
Official sites such as PayPal, indicates a search URL at the top of the page “https”. S indicates the security of the connection. In addition, just before these indications, a lock icon appears ALWAYS on secure sites. To test an attached link in an email, copy it to another web page or tab.
The fact of not clicking on the proposed link, does not activate the computer script which would be activated without your knowledge.