Realistic PayPal phishing emails in circulation
A very realistic looking email purporting to be from PayPal has started circulating. The email was blocked by our spam filters this morning. The purpose of this type of email is to scare the recipient into thinking someone has gained access to their PayPal account, and is using it to purchase goods via eBay. The email in is shown in Figure A. It’s supposedly for a payment to eBay. The email includes links to the item supposedly bought by the recipient. The email is in the form of an invoice. Subject line for the email is “Receipt for Your Payment to AU-AdCommerce-EOM@ebay.com”.
A link is provided in the email to allow the user to stop the transaction. The transaction identifier in the top right hand corner also has a link. Both of these links do not lead back to the PayPal website. Instead, they send the user to a realistic facsimile of the PayPal site.
Once on the bogus PayPal site the user is prompted to login using their username and password. When this is entered, the user is then asked for further information to supposedly stop payment of the funds. This extra information is supposedly requested to identify the user. In reality, the information is sent to criminals, for the explicit purpose of gaining access to the victim’s PayPal account and their credit card details.
This email is quite realistic on first appearances; however, one big giveaway is that the email does not address the recipient by name. PayPal emails always will address you by your name(s). Another second giveaway is that the two links provided (one for disputing the transaction and the other showing the transaction identifier) do not link back to PayPal. Mousing over them shows that they do not link back to PayPal.
If you do receive this email delete it immediately; do not click on the links.