Unusual activity PayPal account

Unusual activity PayPal account

This week is PayPal phishing email week. Today we received yet another PayPal phishing email. This email informs the recipient their PayPal account is limited. This limitation is due to unusual activity on their PayPal account. The email is a fake.

Today’s phishing campaign is not a concerted attack. Figure A shows a sample of one of the captured emails. It is of moderate complexity for a phishing email. The email uses a heading with the text “Unusual activity to you PayPal account”. There is a copy of the PayPal logo installed in the top left. The email greets you with “Dear User”. The Subject line is “Your PayPal account has been limited”, and the sender of the email is “PayPal”.

There are two links in the email. The links are to different sites. The first link uses the PayPal logo as the anchor. The second link uses the anchor text “Proceed Now”. The email signs off as “PayPal”. Several standard lines follow, including a copyright notice. A PayPal email identifier at the foot of the email lends authenticity.

MailShark Unusual activity PayPal account
Figure A – Click to Enlarge

The email states that the user’s PayPal account is limited. The reason given is unsuccessful login attempts. The email tells the user to click on the link. This is for account verification. The email has a heading titled “What’s going on?” The heading appears out of place. We suspect it should be above the first paragraph.

Irrespective of errors in the placement of headings, this email is a fake. Usage of a generic greeting is a giveaway. Mousing over the links shows that they lead to a malicious site. The site is a copy of the genuine PayPal site. It captures user’s PayPal login credentials. You can check the PayPal site if unsure about an email. Don’t click on a link until you have confirmed its authenticity.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service

Share This Post

2 Comments - Write a Comment

  1. Just got this one- Nice spelling mistakes. There’s been no activity on my account when I check it. Sending to PayPal Fraud Dept. The actual one. 😉

    PayPal Fraud Protection

    Your Account Has Been Limited Due To Unusual Activity

    Hello , [email protected]

    We have limited access to your PayPal account temporally , You received this message due to unusual acticity in your account.

    It’s important that you let us know because it helps us prevent unauthorised persons from accessing the PayPal network and your account information.

    Need to cancel or login paypal request?

    1. Click On The Button Below
    2. Verify Your Information To Activate Your Account

    Ρlease Mark This Email As “N0T SPAM” To Activate The Link Below, If This Email Appears In Your Junk Mail.
    Verify Your Account

    Thank you for your understanding and cooperation. If you need further assistance, please click Contact at the bottom of any ΡayΡal page.

    Sincerely,

    Ρaypal Service Center

    Reply
    1. Yes we’ve found this one common to be doing the rounds. Reporting to Paypal is a good idea also as they tend to organise the shutdown of the offending phishing sites hosting the malware or fraudulent web pages.

      Thank you for commenting Megan and sharing your experiences.

      Reply

Post Comment