It’s hardly surprising that PayPal is the target of dodgy emails from fraudsters hoping to get their hands on your financial data. With so many people using PayPal, speculative phishing emails have a strong chance of finding a genuine user who might fall for them. But what’s interesting is how sophisticated and convincing these scam emails are becoming.
This tweet shows one recent clever email:
This fake PayPal email even made us look twice! Well designed, slick and personalised. The link leads to a fake login page! #Phishing pic.twitter.com/PNSbD3V5tM
— Action Fraud (@actionfrauduk) June 8, 2017
Action Fraud has noted that the emails are very realistic. Steve Proffitt of Action Fraud says: “Fraudsters are increasingly targeting people with very professional-looking emails warning that online accounts have been compromised and asking you to click on links to verify your details. Action Fraud is now warning people about fake emails that appear to have been sent from PayPal. These emails ask you to log in and review your PayPal account. It is difficult to know if they are fake as they look so professional.”
Have you received a similar email? And is PayPal doing enough to protect users? As we noted recently, even they get confused: PayPal says genuine email is a ‘likely’ spoof.
8 Responses
You can tell it’s fake because it talks about “confirming your identity”.
How simply logging in to a PayPal account can confirm one’s identity is not clear. It wouldn’t confirm anything other than that a person can log into a PayPal account.
Also the headline says, “We’ve noticed unusual activity.” That’s the preferred headline of spoofers so straight to the Delete button.
It’s clear that scammers are scanning real PayPal emails to make theirs look the part, even though the text is a giveaway.
Don’t sign in to links, but it seems many do and their accounts get compromised. They even get your eBay account. Don’t use the same passwords. And I can never understand how they hack accounts with special security.
When I got one the difficulty in getting an answer to sending it to “spoof” at PayPal actually made me wonder if even they had to make a double take!
The only true protection you can have is know on ANY given day EXACTLY what your PayPal transactions are . . consider setting up a simple database/spreadsheet and having this handy on your PC’s desktop maybe?
I also ONLY use a dedicated non-web mail format email address for my PayPal accounts, keep it just for use with PayPal and set your email client, e.g. Thunderbird, not to automatically open up a third window for new mail. Decide what to do with ANY suspicious email just from the title and, if in doubt, go directly to your PayPal control panel.
Yes, it takes time, but this has become the nature of our “on-line shopping world” and diligence is 101% necessary . . would be interesting to actually know if PayPal ever does have the tools to shut down these fraudulent email accounts though? Do they instead ONLY take the easier option and simply send back an automated response from “spoof”? They MUST be pro-active on this!
I’m actually gobsmacked at the low quality of spoof emails up until now.
I mean it isn’t difficult to do a copy-paste of a real email and change the links, but for some reason spammers prefer to use a 5-year-old template and bad grammar.
Personally I feel if you send your bank details to “i am nigerian prince general and i want to help secure integration with americas how my bank account with you holding 5 million dollars safety for me…” then you deserve to be hacked.
For PayPal to be unable to accurately and reliably identify their own emails, on their own email account set up specifically to identify spoof emails, that’s just bloody shameful.
Imagine if your bank couldn’t identify fraudulent correspondence from legitimate, they wouldn’t deserve to deal with the public’s finances.
There aren’t enough hours in the day to examine and make decisions on the veracity of emails!
In my workshops I recommend that people never sign into any accounts through email links – not PayPal, not any banks, not even eBay for newbies. This simple manoeuvre keeps people safe from the majority of online fraud concerning spoof emails.
It’s also worth noting that a significant percentage of fraud originates from an internal source.
It’s PayPal’s fault. They do block accounts and send similar emails to users for no good reason… I had my account blocked for 3 days and no real explanation as to why!
I sent $48.99 to market partners/overstock. Showed wrong item, and stuck in CA. For a week. Want a PayPal refund. Used my own credit card. Heard they were a scam. Why were they sending me the wrong item, and it’s been on the way from CA. All week. They got their money. I want it back. Actually, I am a very sweet person, but not right now. Reverend Jackie Goodrich
Never click on anything in an email.
Never answer a question through an email link.
Only respond through the eBay or PayPal sites.
Fraudsters don’t even need to send spoof emails.
They just tell PayPal their transaction was not authorised by them and they will get their money back.