Significant changes cause account limitation
The latest PayPal phishing email warns of “significant changes“. These changes have caused limitations on your PayPal account. The block can be removed by clicking on a link and supplying extra information. The email looks realistic on first glance. If you receive this email, delete it. Do not click on any of the links.
Figure A shows the email. There is a realistic PayPal logo in the left hand corner. The greeting begins “Hello – We need more information from you”. The part of the phrase following the hyphen is anchor text for a malicious link. The email uses the headline “Your Account Has Been Limited” in large (31.5) type. Definitely attention grabbing. The subject line (with typos) is “Your account has been Iimited untiI we hear from you”. The sender of the email (also with a typo) is “PayPaI”.
A second link at the top right hand corner uses the anchor text “View online”. This link is also malicious. The third link uses the button with the text “Login In To Your Account”. This link is also malicious. The reason given for the email is a change to the user’s account activity. The email goes on to say that PayPal requires the user account to be updated. A copyright notice is fixed to the foot of the email. The formatting of text in the email is untidy.
There are several indications this email is false. The greeting is generic. PayPal emails always address you by your name(s). There are spelling errors in the email. The formatting is untidy. Finally, the links are not to PayPal. They are to a malicious site.
The cyber criminals have used a domain address that looks like a PayPal domain. The domains address contains the string “paypail”. The site linked to is a phishing site. The site steals user information including login credentials and credit card details. Delete this email if you receive it.
Scott Reeves
MailShark
Free anti-spam service
Free email filter service