Confirm Billing Address says phishing email
Another PayPal phishing campaign started today. This one urges recipients to update their billing address. It’s a reasonable phishing email, let down by poor grammar.
You can see the email in Figure A. It uses a copy of the PayPal logo. The email commences with the salutation “Dear member”. The email sender is “PayPal Service”. The actual email domain is not a PayPal domain. The subject line of the email reads “You just need to confirm your billing address”. The priority of the email is set at “Normal”.
The crafters of the email re-used the subject line of the email as the opening line in the email message. An odd aspect of the email is the placement of the link. The link is towards the end of the email, under the lines “To get in touch with us”. The link uses the text “Click to Confirm”.
The reason for this email is confirmation of the user’s billing address. The email tells the user they have until the 30th April 2015. The email does not place pressure on the recipient. It does threaten consequences if the user does not comply by the due date. The consequences are deactivation of the user’s PayPal account. The email also has a reminder notice on passwords inserted in the body of the email. The reminder notice is from another website.
The email looks realistic on a cursory glance. Closer inspection reveals it to be a fake. There are four main signs to look for. The first one is the domain of the email sender. It is not PayPal. The second sign is the greeting used. It is a generic greeting. PayPal use the first name and the last name of the account holder.
The third sign is the grammar. There are several grammatical errors. Finally, the link in the email does not lead to the genuine PayPal site. It leads to a malicious site.