Validate information says Phishing email

Validate information says Phishing email

The phish of the day is another PayPal phishing email. It’s not complex, but it’s not simple either. More middle of the road. Read on to see our phish of the day.

At least the email opens in an excited fashion, as you can see in Figure A. We will look at the content of the email shortly. A crude copy of the real PayPal logo is at the top left hand corner of the email. The subject line of the email is “Your Paypal Account has Been limited”. The sender of the email is “Paypal Inc.” One link is present in the email. The anchor text used for the link is “Log into my account”. There are no other features, branding or logos used.

MailShark Validate information says Phishing email
Figure A – Click to Enlarge

Thank you for using PayPal” is the opening line of this email. From there we head downhill rapidly. The email tells you that your PayPal account has restrictions. The email implies this is a follow up email. The email states that you have not replied to the first email. This is a trick. The email wants to plant fear of being hacked. The idea is that you will not look at the email, but instead click on the link. The email reinforces the sense of urgency by requesting you “update your account”. Your account can be validated by clicking on the link.

As you may have guessed, this email is a fake. Although the email greeting is friendly (cheerful even), this is a ruse. PayPal uses the name of the account holder. They may add a line afterwards saying thanks for using PayPal, but they will have a personalized greeting. Another sign is the awkward grammar. Finally, the link in the email is not a PayPal link. The link is to a phishing site.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service

Share This Post

2 Comments - Write a Comment

  1. You know what would be nice…. if the author of these articles would follow the links and show screenshots of what is displayed, what information is requested from these phish sites, what IP and domain names these phishing sites currently use, etc. Even the headers of the phishing messages would be a useful item….
    I’d like to prevent phishing in my company, and block it…. I’m sure 99% of the readers can identify a phishing message…. lets throw some research into the article to help save the reader time from having to do it themselves 🙁

    other than that, it was a good article focused on identifying the latest paypal phishing attempt…

    Mike B

    Reply
    1. Thanks for the feedback. Unfortunately domain names tend to be a moving target. They usually last a few days at most. The situation is similar with IP addresses. We endeavor to provide what information we can, at the time we publish.

      We are looking to provide details on specific malware in future posts.

      Reply

Post Comment