Unusual credit card charges warns fake email
These days it’s rare to go a week without at least one phishing email aimed at PayPal users. Today a second such email arrived in volumes. The quantity of the emails stopped by our email filters indicates the campaign is widespread. The overarching theme of PayPal phishing emails is account limitation. The scenario is simple. The user’s account has a limitation. The limitation is due to either missing account information or fraudulent activity.
The email presents a link (or an attachment) that will resolve the issue. Examination of the email shows that the website link leads to a malicious site. Usually the site is a phishing site. Today’s email warns the recipient of unusual credit card charges. The recipient must login via the link and confirm their details. Once again, the email is a scam. Delete it.
We have reproduced the email in Figure A. The main feature is the engaging headline in large type. The headline reads “Your PayPal Account Has Been Limited”. The email does not use a greeting. The sender of the email is “PayPal Support”. The email domain of the sender is pay-pal, which resembles the genuine PayPal email domain. The subject line of the email is “Your account has been Iimited Please Update it now”. Limited is misspelt. A single button with the text “Confirm Now” has the sole web link. There are no PayPal logos or branding. The reason for the email is unusual credit card charges. The email urges the user to clink on the link to confirm their identity.
Close examination shows the email is bogus. As stated above, the email domain is not the PayPal domain. There is no greeting. PayPal emails will use your account name. Finally, a check of the link shows that it leads to a fake PayPal site. Fake PayPal sites scoop up user logins and passwords, and steal credit card details.
Scott Reeves
MailShark
Free anti-spam service
Free email filter service