Another PayPal phishing email
We look at many phishing emails at MailShark. They vary in complexity. Some are clever. They still have signs indicating they are false. There are the medium level phishing emails. These emails look realistic on first glance, but have glaring errors. And then there are phishing emails that can be “solved by inspection”. The phish of the day falls into the final class.
Figure A shows the email. It is big on content, less so on substance. The email purports to be from PayPal. They did at least get the spelling right. The subject of the email is “Important: please confirm your informations withing 48 hours”. The email uses the heading “We need your help”. The greeting used is “Dear Customer”.
There are four links in the email. Three of the links lead to the genuine PayPal site. The fourth link is a malicious link. All the links use the URL as anchor text. The entire email is in plain text in any case. No PayPal logos are used. A PayPal email identifier is at the foot of the email. The email also uses a copyright notice and standard disclaimer notices. A Case identifier is provided.
The email informs the recipient that their PayPal account has restrictions. The restrictions have been imposed due to a “pattern of activity” on the user’s account. There is an implied urgency to the email’s tone. The email commences by saying that PayPal have emailed the customer previously, but had no response. This is a ploy. The email’s intentions are to suggest to the recipient that their PayPal account has been hacked. The recipient will then click on the link without checking the email for fake links.
This email is a scam. There are signs that it fake. The email greeting is one sign. PayPal do not use generic greetings. The grammar is clumsy. Finally, the main link that the email tells you to click on is not to PayPal. The link is to a phishing site.