Unusual activity PayPal account
This week is PayPal phishing email week. Today we received yet another PayPal phishing email. This email informs the recipient their PayPal account is limited. This limitation is due to unusual activity on their PayPal account. The email is a fake.
Today’s phishing campaign is not a concerted attack. Figure A shows a sample of one of the captured emails. It is of moderate complexity for a phishing email. The email uses a heading with the text “Unusual activity to you PayPal account”. There is a copy of the PayPal logo installed in the top left. The email greets you with “Dear User”. The Subject line is “Your PayPal account has been limited”, and the sender of the email is “PayPal”.
There are two links in the email. The links are to different sites. The first link uses the PayPal logo as the anchor. The second link uses the anchor text “Proceed Now”. The email signs off as “PayPal”. Several standard lines follow, including a copyright notice. A PayPal email identifier at the foot of the email lends authenticity.
The email states that the user’s PayPal account is limited. The reason given is unsuccessful login attempts. The email tells the user to click on the link. This is for account verification. The email has a heading titled “What’s going on?” The heading appears out of place. We suspect it should be above the first paragraph.
Irrespective of errors in the placement of headings, this email is a fake. Usage of a generic greeting is a giveaway. Mousing over the links shows that they lead to a malicious site. The site is a copy of the genuine PayPal site. It captures user’s PayPal login credentials. You can check the PayPal site if unsure about an email. Don’t click on a link until you have confirmed its authenticity.