Cheeky PayPal phishing email
PayPal is one of the biggest targets of spam emails so far this year. Today we’ve stopped still more PayPal spam emails, once again attempting to steal user credentials. The phishing email campaign currently underway tells the user that their PayPal account is limited, until they update their PayPal account details. It does contain a somewhat cheeky assertion within the email that PayPal always use the salutation “Dear Customer” in their emails.
Figure A is a screenshot of one of the spam emails. The subject line of the email is “Your Account Has Been Limited. Please Update Your Account Information.” The sender is listed as “PayPal”. There are six links contained in the email. One of the links is to a button with the words “Update Account”.
The reason given for the email is that PayPal have detected “unusual charges” to a credit card attached to the PayPal account. It begins with “Dear Customer” and goes on to explain that the recipient needs to update their PayPal account information. Doing so will remove a limit placed on the user’s PayPal account.
An eye catching heading “Your Account Has Been Limited” is large blue font dominates the email. This is designed to capture the attention of the recipient. Further down, the email contains links for Help, Contact details and Security. The email also explains to the recipient (who may be doubting the email is from PayPal) that “emails from PayPal will always address you ‘Dear Customer’”. A cheeky assertion, and an attempt to fool users. The bottom line of the email contains the standard copyright notice and the address of the Singapore office of PayPal.
Regardless of what this email says, PayPal have stated on their site that “PayPal emails will always use your first and last name, or your business’s name.” In other words, emails from PayPal are personalised. Checking the links reveals that most of them do lead back to a genuine PayPal site, except for one; the link in the button. This is one link that is probably most likely to be clicked, and it leads to a phishing site that looks similar to the real PayPal site. The criminals crafting the email have taken a punt that most recipients would click on the button, and not bother with the other links. The email has a number of grammatical errors, which would tend to give it away as a phishing email to most people.
Delete this email if you receive it.