Account expires warns phishing email

Account expires warns phishing email

More phishing emails purporting to be from PayPal hit the email filters today. This time the emails are less sophisticated than previous efforts. They are still dangerous. The email we present today threatens the recipient with the destruction of their PayPal account.

Figure A shows the email. There is a PayPal logo at the top left of the email. The greeting used is “Dear Customer”. The Subject line of the email is “Your data : ID-154-8745-54”, although this may vary. The sender of the email is “PayPal”. One link is present in the email, with the anchor text “Click Here to Verify Now”. A copyright notice is at the bottom of the email. The email signs off with “PayPal Support”.

MailShark Account expires warns phishing email
Figure A – Click to Enlarge

As stated in the email, the recipient’s account will “be destroyed” unless they act in less than 48 hours. The reason given is that the user’s PayPal account expires in 48 hours. It is not made clear why the PayPal account is due to expire. The final sentence suggests it is due to a new email address for the account. The email presses the recipient to click on the link.

This email is a “classic call to action” type of email. The use of words such as “expire” and “destroyed” add to a sense of urgency. This is a common tactic used in phishing emails. There are several obvious signs that this email is not genuine. The grammar is poor throughout the email. The greeting is “Dear Customer”, whereas a genuine PayPal email will address the recipient in the name of the account. Mousing over the link reveals that it leads to a malicious site. This site aims to steal user PayPal login credentials.

Be wary of these types of emails. They are a ruse to force you to click on a link on the email. Never click on a link until you are certain of the veracity of the email.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service

Share This Post

One Comment - Write a Comment

  1. I’ve seen a variation claiming that the recipient has paid a subscription to Skype using PayPal, again, mousing over the URL reveals a malicious one.

    As always: Just stop and think before you click that link!

    Reply

Post Comment