PayPal Account Access Limited phishing email
Once again, PayPal users are being subjected to a phishing campaign. This one uses a few tricks to make the body of the email look authentic. The email informs the user that their PayPal account has had its access limited. This particular email was first stopped by our email filters on Monday. It is the latest in a long series of PayPal phishing campaigns, all of which use the “Account Access Limited” subject line (or similar) to grab a user’s attention.
The full email is reproduced in Figure A. The subject line of the email is “Account Access Limited”. This is a subject line that is likely to grab a user’s attention. The sender of the email is listed as PayPal.
As mentioned, the email does, on first glance, look authentic. It even has a nice little animation embedded in it. The text of the email states that the user needs to provide a few extra details in order to enable their account. The email also states that they have emailed the user prior to the current date requesting the extra information, but have received no response. This is a ruse designed to place urgency in the mind of the user, and fool them into clicking on a link.
Closer examination of the email provides several indications that it is false. For one thing, the grammar is fairly poor and the overall read of the email is disjointed. For another, the links do not lead back to PayPal, or anything remotely like PayPal. Instead they link back to a realistic looking facsimile of the PayPal site. The email also lacks a personalised salutation.
Checking the email sender though shows a domain name that is typographically very similar to a PayPal domain. The only difference is in the Top Level Domain suffix.
This email looks to use social engineering to fool a recipient into clicking on a link. A sense of urgency, combined with a fear of being hacked is combined in this email. If you do receive this email, delete it.