Another PayPal phishing email surfaces
Phishing emails supposedly from PayPal are certainly top of the hit parade this month. Today we pulled a sample of yet another PayPal phishing email from the MailShark spam filters. This one has an attached form that (the email says) is required to enable the recipient to continue using PayPal. Needless to say, the email is another attempt to steal the recipient’s credit card details, along with a host of other information.
Figure A shows the text of the email. The subject line of the email is “Access Limited”, whilst the sender is listed as PayPal. The email informs the recipient that their PayPal access has been limited, due to transactions that have taken place from an “unfamiliar location”. An IP address is provided.
The email goes on to say that they “believe someone has accessed your account without your permission” and that they have “limited the access to your account.” However, a form is provided to enable the user to verify that they are the account holder. All the recipient needs to do is download the form and open it in a web browser.
The form requires a slew of personal details, including credit card details. In reality, these details are conveyed to the criminals, who can then use them for their own purposes.
This particular email rates as a low complexity phishing attempt. There are several grammatical errors in the text of the message. Checking the actual sender of the email shows that it is not from the PayPal domain. The email has no salutation, let alone personalisation.
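The indicators described above (a "PayPal" display name on a non-PayPal sender domain, no salutation, and an attached HTML form) can be checked mechanically. The following Python is an added example, not code from MailShark or the original post; the sample message is constructed, and `paypal.com` as the legitimate domain, the greeting words and all function names are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
import re

BRAND = "paypal"               # brand claimed in the display name
BRAND_DOMAIN = "paypal.com"    # assumption: the brand's legitimate sending domain
GREETING = re.compile(r"^(dear|hello|hi)\b", re.I)  # assumption: greeting words

def phishing_indicators(raw: bytes) -> list[str]:
    """Return the indicators from the article that this message exhibits."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # 1. Display name claims the brand, but the address is on another domain.
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    on_brand = domain == BRAND_DOMAIN or domain.endswith("." + BRAND_DOMAIN)
    if BRAND in name.lower() and not on_brand:
        hits.append("sender-domain-mismatch")
    # 2. No salutation on the first non-empty line of the text body.
    body = msg.get_body(preferencelist=("plain",))
    lines = [l.strip() for l in body.get_content().splitlines() if l.strip()] if body else []
    if not lines or not GREETING.match(lines[0]):
        hits.append("no-salutation")
    # 3. An attached HTML file that contains a form.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/html" or fname.endswith((".html", ".htm")):
            content = part.get_content()
            text = content if isinstance(content, str) else content.decode("utf-8", "replace")
            if re.search(r"<form\b", text, re.I):
                hits.append("html-form-attachment")
                break
    return hits

def build_sample() -> bytes:
    """Constructed sample modelled on the email described above."""
    m = EmailMessage()
    m["From"] = "PayPal <service@example.net>"   # constructed address
    m["To"] = "user@example.org"
    m["Subject"] = "Access Limited"
    m.set_content("We believe someone has accessed your account without your permission.\n"
                  "Download the attached form and open it in a web browser.\n")
    m.add_attachment('<html><form action="https://example.net/submit">'
                     '<input name="card_number"></form></html>',
                     subtype="html", filename="form.html")
    return m.as_bytes()

if __name__ == "__main__":
    print(phishing_indicators(build_sample()))
```

Each indicator is weak on its own; a filter would normally score them together with SPF, DKIM and DMARC results rather than act on any single one.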
Whilst this email is a low grade phishing attempt, low grade can still be effective. In this case, the email implies someone has accessed the recipient’s PayPal account, but they can fix this by filling in the form. This plays on people’s concerns about the security of online services. Data breaches such as those at Home Depot and Target certainly do nothing to allay people’s concerns.
Remember that PayPal emails will always be personalised. Don’t download attachments; if you receive this email, delete it.