Users of the internet payment service PayPal have recently been receiving so-called phishing e-mails. These fake e-mails are sent by criminal gangs in an attempt to obtain the credit card details of PayPal users.
Phishing e-mail is a professional fraud
The professional-looking spoof e-mails are very similar to original e-mails sent by PayPal, and the two are difficult to tell apart.
The fake e-mails use original PayPal designs, convincing subject headings and are written in very good German. In addition, the spoof e-mail is addressed directly to recipients and some even contain recipients’ personal postal addresses.
The most recent phishing wave includes an e-mail from email@example.com, asking for the recipient’s first and last names and stating “PayPal needs your assistance”.
There is also a fake e-mail containing the words “Important message concerning your customer account” which is sent from the account: firstname.lastname@example.org.
The phishing e-mail asks recipients to update their account details by clicking on a link. The link leads to a website where the victim is once again addressed personally and is required to enter personal data, including credit card details and limit. To give the website a genuine appearance, the details are then “checked”. However, instead of improving the recipient’s PayPal account, the details are forwarded to fraudsters.
Protection against phishing
Although it is difficult to differentiate between the professional-looking phishing e-mails and original e-mails from PayPal, there are signs of fraud. These include non-personalised salutations and bad grammar. However, as numerous phishing e-mails now use personal salutations, internet users should react with caution to any e-mails requiring personal and credit card details.
In its security guidelines, PayPal notes that it never contacts users directly via e-mail requesting personal or credit card details.
If you have doubts about any e-mails purporting to be from PayPal, you should contact the payment service immediately and ask them to check the e-mail.