Policy update changes says phishing email

Policy update changes says phishing email

We can never quite get through a week without getting at least one batch of phishing emails claiming to be from PayPal. Today we present another phishing email claiming to be from PayPal. This one is something of a rehash of a previous phishing email described here in December last year. The criminals made a few minor changes, including adding in a footer to the email.

Figure A is the full email. A copy of the PayPal logo makes the email look realistic. The subject is “Your account has been Iimited untiI we hear from you”. This includes typos; limited and until are misspelt in the subject header. Similar, the sender of the email shows up as “PaypaI Service”. The heading used for the email is “Notice of policy updates”. One link is present in the email. The anchor text of the email is “Click here to confirm”. The email uses the greeting “Dear PayPal customer”. There is a footer attached to this email. The footer spells PayPal as “PayPaI” in three instances. Finally, a case ID number is specified in the email. Again, this is to make the email look authentic.

The email states that the recipient’s account has been limited. This is at odds with the heading. Reading the heading would give many people the impression that the email is a notification. The email informs the user that PayPal needs some more information to confirm their identity. The user is requested to click on the link to proceed with confirmation.

As you might expect, this email is a fraud. The spelling errors for PayPal would (we hope) arouse suspicion in most users. It does appear that the crafters of the email didn’t bother to check the spelling. Mousing over the link shows that it goes to an IP address. This IP address is a malicious phishing site.

Apart from a few minor differences, this resembles December’s phishing email. And like December’s phishing email, it can be deleted.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service