New Phishing Scam Targets PayPal Users

Customers of Internet money transfer service PayPal are being targeted in an aggressive email phishing scam that is masquerading as an urgent security warning, a familiar scam for PayPal customers.

PayPal users are receiving an email message, made to look as though it comes from the company, that claims to be an urgent security warning. Those who follow the HTML link in the email are redirected to a convincing facsimile of the PayPal website, which claims that the user's access is limited and presents a form asking for various banking information, including bank name and credit card information, to remove the limitations, according to a post at Naked Security.

Along with the PayPal imitation page is the following message:

When you will complete the document we have sent, remember to ALLOW javascript and ActiveX to run from the bar that will pop-up, otherwise we cannot verify the informations you have provided. February 22, 2011: Valued PayPaI Member, We have reasons to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection. OPEN AND COMPLETE THE FORM ATTACHED IN THIS MESSAGE TO REGAIN ACCESS TO YOUR ACCOUNT. Thank you for your time and understanding, PayPal Resolution Center.

Those who make the unfortunate decision of filling out this form and following the directions in the above message are, in essence, spoon-feeding their financial information to some unknown fraudster.

This scam falls in with a growing trend of attacks targeting online payment services.

The easiest and most reliable way to separate phishing scams from real email warnings is to go directly to the site that supposedly sent you the email, rather than following a link in the email, and log in there. If the site really has a security message for you, you'll be able to read it via the PayPal messaging system.
