PayPal Phishing Scam Coming From Official PayPal Email Address
PayPal phishing scams are becoming more and more sophisticated these days, with hackers devising newer ways of duping users.
There are reports of a new and very sophisticated PayPal phishing scam that could dupe a rather clever user into parting with valuable personal information. This scam, which attempts to steal everything related to a PayPal user- PayPal login credentials, users address, credit card data, bank account data, passport details, identity card details, driving license details etc, has been discovered by HackRead.com.
The scam happens in the form of a phishing email which would be delivered to your inbox and not your spam folder, and which would inform you about a change in your “Billing Information”. You’d be informed that you need to click on a link hidden behind a URL shortener if it’s not you who has made the address change. The email, with the subject “re: [ Statement Update ] reminders: Your PayPal ID information”, comes from the email address firstname.lastname@example.org address. This email address, it needs to be noted, is a genuine PayPal address.
A detailed blog post published by HackRead.com discusses this email scam; the blog says- “It starts with an email that informs users about a change in their “Billing Information,” and directs that in case they didn’t make the supposed change they need to click on a link hidden behind a URL shortener to verify that it’s not them. “If you did not make these changes or you believe an unauthorized person has accessed your account, you should change your password as soon as possible from your PayPal ID account page,” says the email…The subject of this phishing email is “re: [ Statement Update ] reminders: Your PayPal ID information” which means the sender is trying to trick the users into believing that the email is part of PayPal resolution center and deals with an ongoing matter…The email comes to user inbox rather than going to spam folder while another important fact about this scam is that the email is being delivered by email@example.com address, which is a genuine email address officially used by PayPal to contact users.”
However, it’s not clear as to how hackers manage to use an official PayPal email address; notable is the fact that this email address has been used for scams since 2010. The HackRead.com blog post infers- “It could be that scammers are using fake senders, but usually, an email sent from a fake email sender goes straight into spam folder rather than the inbox.”
Once a PayPal user who receives the spam email clicks on the given link, he is warned of “suspicious activity” and then would be taken to a fake login page which looks exactly like an official PayPal page. The user would naturally sign in with his credentials; then he is taken to another page where he would have to enter details- address, city, state/county, zip code, country, phone number, date of birth, tax identification code etc. The user would also be taken to a page that would ask him to verify his card details- cardholder name, credit card number, CVV etc. If this gets through, the user is then taken to another page where he is asked to verify his bank account details, identity etc. He is asked to enter his account number, bank login ID, password, bank name etc. he would also be asked to verify his identity by uploading a copy of his ID card, passport or driver’s license. Thus, the hackers get everything they need to make some quick buck.
However, there is some good news. Google Chrome has already flagged the fake login link used for the phishing scam as a potentially dangerous website to visit. PayPal users, if they get any such mail, are advised to cross-check with the PayPal website directly.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.