PayPal user agreement phishing email
Once again, PayPal users are being hit with a phishing email campaign. This time the phishing email tells the user that there are “changes to the PayPal user agreement”. The scammers are using a variation of social engineering to induce users to click on a link contained in the email. Needless to say, the email is a fake and can be deleted.
Figure A is a reproduction of the email in question. The subject of the email is “Update Your Account!” The sender of the email is listed as “PayPal Inc.” The email has a realistic-looking PayPal logo fixed in the top left-hand corner of the email. The email also contains a single picture embedded in the body of the email.
The email begins with the heading “Notice of changes to the PayPal user agreement”. The email salutation used is “Dear Customer”. Reading on, it appears that the real reason for the email is an issue with the user’s account. The user is invited to click on a link containing the text “Activation link”. The user is urged to log in using the activation link as soon as possible.
In addition to the Activation link, there are three other links contained in the email. These links point back to the genuine PayPal website, and are designed to add authenticity to the email. Finally, the email contains a realistic-looking copyright notice fixed to the bottom of the email.
As realistic as this email is, it is a fake. The two main giveaways are the actual link attached to the text “Activation link”, and the generic salutation. The salutation for all PayPal emails will address the name in which the account is held, not just “Dear Customer”. Mousing over the link shows that it will direct the user to a fake PayPal phishing site. This fake site is designed to harvest user credentials and credit card details.
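The two giveaways described above can also be checked automatically. The following is an added example, not part of the original article: it parses an HTML email body, flags a generic salutation, and lists every link whose real destination is not on the genuine PayPal domain, whatever its visible text says. The sample email, its lookalike host and the extra salutation words ("user", "member", "client") are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "paypal.com"  # assumption: the brand the email claims to come from
# "Dear Customer" is from the article; the other words are assumed variants.
GENERIC_SALUTATIONS = re.compile(r"\bdear\s+(customer|user|member|client)\b", re.I)


class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs and the plain text of the body."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._buf).strip(), self._href))
            self._href = None


def is_trusted(href):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (urlsplit(href).hostname or "").lower()
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def analyze_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {
        "generic_salutation": bool(GENERIC_SALUTATIONS.search(" ".join(parser.text))),
        "untrusted_links": [(t, h) for t, h in parser.links if not is_trusted(h)],
    }


# Constructed sample modelled on the email described above; hosts are placeholders.
SAMPLE = """<h1>Notice of changes to the PayPal user agreement</h1>
<p>Dear Customer,</p>
<p>Log in using the <a href="http://paypal.com.account-check.example/login">Activation link</a>.</p>
<p><a href="https://www.paypal.com/help">Help</a> | <a href="https://www.paypal.com/security">Security</a></p>"""
```

Calling `analyze_email(SAMPLE)` reports the generic salutation and only the "Activation link" entry, because the host check compares the whole hostname rather than looking for "paypal.com" anywhere in the URL.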
If you receive this email, delete it. Also check the PayPal website for tips on detecting phishing emails.