PayPal account review phishing email

PayPal account review phishing email

Much as we don’t like to say it, there are some realistic phishing emails out there. There are phishing emails that have our seasoned technical pros taking a second look, just to be sure our email filters haven’t scored a false positive. The email we present today is not one of those emails. In fact it is a little underwhelming. But we never underestimate a phishing email. Even the poor imitations have snared victims.

Take a look at Figure A and you will see what we mean. It’s a nondescript email by anyone’s standards. The greeting used is “Dear Valued Customer”. The sender of the email is listed at “PayPal”. The subject line of the email is “Account Review”. An attachment to the email is called Verification_2015.html”. There are no PayPal logos or branding present in the email. The email signs off with PayPal Account Review Department”.

MailShark PayPal account review phishing email
Figure A – Click to Enlarge

The email informs the user that “Our security system detected unusual charges to a credit card linked to your PayPal account.” The user’s account has been limited. The email provides instructions on what to do next. You guessed it; download the form and fill it out. This is not the greatest phishing email we have seen. But as a study by Google and the University of California show, blatant phishing attempts can still succeed.

Besides having no PayPal branding, the grammar is quite poor in places. The greeting is generic. PayPal state on their site that:

Emails from PayPal will always address you by your first and last names or by your business name. We never say things like “Dear user” or “Hello PayPal member.”

The attachment does not lead to the genuine PayPal site. Inside it leads to a phishing site. PayPal also state that:

Our emails don’t link directly to pages that ask you to enter sensitive information like your bank account, credit card, and national identification or Social Security numbers.

Delete this email if you receive it.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service

2 thoughts on “PayPal account review phishing email”

  1. And PayPal has an email address (spoof@PayPal.com) that you can forward this phishing emails to so that they can try to track them down and deal with them. I wish every organization that handles your money had a similar email address to send such stuff to.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top