PayPal Phishing Scam | What is it and how to avoid getting scammed!

Author: | Last updated: June 8, 2018 | Security | Blog
PayPal Phishing Scam

A newly discovered phishing scam is currently targeting PayPal users by sending emails that attempt to convince users to enter important account information such as your full name, street address, date of birth, mother’s maiden name, credit card number, and more – essentially providing scammers useful insights on your identity.

How PayPal Phishing Scam Works?

First published by Christopher Boyd, the lead malware intelligence analyst at Malwarebytes – the scammers used a fake email address that is similar to PayPal’s official address with the exception of it being a complete hoax. In the illicit campaign, users are tricked into believing that a recent transaction they’ve made “could not be verified”. Here are two examples of what these email’s subject lines looks like:

PayPal Phishing Scam - Subject Line Examples

Image credits by Malwarebytes – kindly visit them for more information.

Clearly taking advantage of consumer fears over potential fraud, the subject line reads as:
Example 1
[New Transaction Statements] we’re letting you know : We couldn’t verify your recent transactions

Example 2
[New Activity Statements] [Account Hold] Re : Your payments processed cannot completed
However, anyone who speaks English natively have probably already noticed the painful grammatical flaws in the emails. A first and easy sign that the email is likely a hoax.
Once the email is opened, it’ll come with all sorts of legitimate-looking PayPal items such as their official logo and signature. Here’s what the email looks like:

PayPal Phishing Scam Email

Image credits by Malwarebytes – kindly visit them for more information.

At first glance, the fake email looks fairly real. It appears to be sent from the address “[email protected]” which is an official PayPal hotline. However upon careful inspection, you’ll soon realise that the scammers were merely naming their fake email address as “[email protected]” when in fact the actual address is much longer. The 2nd warning sign that this email is a hoax.
The email is designed to look as legitimate as possible with a simple button to rectify the issue it proposed. Upon clicking the button, you’re then directed to a fake PayPal landing page. Here’s how the page looks like:

PayPal Phishing Scam - Landing Page

Image credits by Malwarebytes – kindly visit them for more information.

The URL link that the button has directed you to appears to be a legitimate PayPal page – but after further inspection on the URL itself, it turns out to have nothing to do with PayPal at all. The deceptive URL in question is:


Note: The brackets [] are added to prevent any of our readers from accidentally clicking it.
With a URL such as that, it’s a no brainer that this email is a hoax – the 3rd warning sign. Even though everything else looks real enough, don’t forget that it doesn’t take a genius to easily draft up a similar legal-sounding email. They even provided you a fake “case ID” – you know, in case you were having doubts.
Clicking on the “Resolution Center” button will then lead you to another two pages that will ask you for your personal information. Here’s what those pages look like and what they want you to type in:

Information Required:
Full Name, Street Address, City, State, Zip Code, Country, Phone Number, Mother’s Maiden Name, Date of Birth

PayPal Phishing Scam - Personal Information Request

Image credits by Malwarebytes – kindly visit them for more information.

Information Required:
Cardholder Name, Card Number, Expiration Date, Card Security Code

PayPal Phishing Scam - Card Information Request

Image credits by Malwarebytes – kindly visit them for more information.

This is where it get’s really dangerous. Anything you type into those fields might already be logged even if you don’t click on the “submit” button. Of course, typing in any of your personal information is a huge NO! To put it in other words, this is where the scammers receive all of your personal information, gift wrapped from the panicked users.

“Sadly, anyone submitting their information to this scam will have more to worry about than a fictional declined payment, and may well wander into the land of multiple actual not-declined-at-all payments instead. With a tactic such as the above, scammers are onto a winner—there’ll always be someone who panics and clicks through on a “payment failed” missive, just in case. It’s an especially sneaky tactic in the run up to December, as many people struggle to remember the who/what/when/where/why of their festive spending.”Christopher Boyd, Malwarebytes


How To Avoid PayPal Phishing Scams?

Having the eye to spot a phishing campaign can be challenging, even to the trained eye. Fortunately, PayPal has provided a phishing guide on their website that outlines some of the things to identify a hoax when dissecting a suspicious email.
There are some simple rule-of-thumb to follow to keep yourselves safe. Here is our list of things to keep a watchful eye on:
1. Check for bad grammar or spelling

Sounds dumb, but the majority of scammers are not native English speakers – so they tend to make mistakes when creating these hoax emails.

2. Check the sender’s email address

Ensure that the address is from an official PayPal address.

3. Check for any deceptive URLs

Hover over the URL and it should give you an idea of the link it’s directing to. You could also right-click and copy the link into an incognito browser window to check if the link has anything to do with PayPal.

4. Check if official logo, artwork and signature are legitimate

For an amateur scammer, they might screw up by not using the most current version of the company’s emblems. However, it isn’t particularly difficult to retrieve these emblems from a large company like PayPal.

5. If it requires personal information – STAY AWAY!

It sounds counter-intuitive sure, but you want to be extremely careful when it comes to entering your personal information on the basis of a fraudulent requests. In any case, companies do not usually ask for information such as your credit card information or mother’s maiden name all in one request. Best to check with PayPal if the issue is indeed true.

If you think you’ve been targeted by scammers claiming to be PayPal, you should forward the entire email to [email protected].

Last but not least, help us get the word out and bring more awareness to the issue by sharing this with your friends and family!
If you need any help regarding our VPN services, we’re just an email away at [email protected]. Shoot us an email and our support team will try their best to help you out.

Related Posts

June 28th, 2018 Jon G