PayPal Phishing Alert - Caution Advised

by drmani
10 replies
I've been bothered, like many, by multiple phishing attempts claiming to
be from 'PayPal', but *most* are amateurish ones which are easy to spot.

A few are more 'artful' - and very few get through the defences we've all
built up over years.

This is one such... it got auto-filtered into my PayPal email folder (and
that itself sets it apart as 'special', because most get junked by my
filters) - and if not for the fact there were multiple copies of them
on the same day, *might* have fooled me to explore... though I NEVER
click on an email link, would only login to PayPal through a direct
web interface.

Here is what the message says:

= = = =

SUBJECT: PayPal Account Security Measures

We recently noticed one or more attempts to log in
to your PayPal account from a foreign IP address.

If you recently accessed your account while traveling, the unusual
log in attempts may have been initiated by you. However if
you are the rightful holder of the account,click on the link below
to log into the account and follow the instructions.


- - -
(the actual link, which shows up in a source view of the email,
however is <http/> and other
messages had this as the link:


(I've disabled the links, please DO NOT click on them as they
are likely rogue sites that could harm your computer)

- - -

If you choose not to complete the request, you give us no choice but to
suspend† your account temporary.

It takes at least 12 hours for the investigation in this case and we
strongly recommend you to verify your account at that time.

If you received this notice and you are not the authorized account
holder, please be aware that it is in violation of PayPal policy to
represent oneself as an other PayPal user.Such action may also be in
violation of local, national, and/or international law. PayPal is
committed to assist law enforcement with any inquires related attempts
to missapropriate personal information with the intent to commit fraud
or theft. Information will be provided at the request or law enforcement
agencies to ensure that perpetrators are prosecuted to the fullest
extent of the law.

Thanks for your patience as we work together to protect your account.

PayPal Account Review Department.

= = = =

There are many reasons why this message is dangerous at this
particular point in time.

I received a LEGITIMATE query from PayPal last week to verify
address records with my account. This *sounds* like a follow
up to that request!

And I do access my account on occasion from a different country,
which is what the opening paragraph hints at. (the best lies
are ones grounded in a part of the truth!)

Flags that indicate it isn't legitimate:

1. No inclusion of my account name
2. Wrong PayPal email address
3. Cloaked link which is easy to spot

BOTTOM LINE: Do NOT react *emotionally* to any message that
purports to come from PayPal.

And NEVER click on links to PayPal in your email - instead
log in to your account directly through a web interface and
verify if the email was legit or not.

Hope this helps save a few troubled moments.

All success

P.S. - Another couple of phishing emails I got today, which
were however flagged by my email filters were:

Subject: Notification of Limited Account Access
To: undisclosed-recipients:


Subject: Your PayPal Account has been Restored
To: undisclosed-recipients:

#advised #alert #caution #paypal #phishing
  • Profile picture of the author Jeremy Kelsall
    I got almost the same exact email just earlier today!

    Unfortunately for me, about 2 weeks ago, I did click on one of the links and had to go through and change my password and alert paypal to the fact that I had fallen for one of "those emails"
    {{ DiscussionBoard.errors[256147].message }}
  • Profile picture of the author azgold
    I used to report them to PayPal, but there's been so many over the past year that I don't bother anymore, I just mark them as spam.

    I've also received quite a few from "Sympatico" threatening to close my account if I don't email them my email address and password immediately.

    Can't count how many foreign lotteries and inheritances I've received. Seems that the last about 15 months have been particularly bad for this crap, for me anyway.
    {{ DiscussionBoard.errors[256154].message }}
  • Profile picture of the author Wendy Maki
    Originally Posted by drmani View Post

    BOTTOM LINE: Do NOT react *emotionally* to any message that
    purports to come from PayPal.

    Dr. Mani makes a *really* good point that applies to all kinds of spam and scammy emails, not just the ones pretending to be PayPal.

    It's the instant emotional reaction that will get you in trouble every time. It doesn't matter whether it's fear, or greed, or curiosity, or whatever. It's just so easy to click.

    My personal *rule* if I don't know *exactly* what I'm looking at in an email is NEVER to click on any link (to go direct to sites like PayPal) and to close the email and look at it a little bit later with a cooler and clearer perspective so I don't do anything reactively. And I look at the source code if I need to.

    That *pause* is the best protection anyone has with all those emails.

    -- Find blues festivals around the world at the directory and jazz festivals at

    {{ DiscussionBoard.errors[256242].message }}
    • Profile picture of the author kumar
      I received a mail today from 'Paypal' informing me of some new features. This was the subject line:

      Paypal launches new features in your market!

      Some of the links it had, pointed to http://email1dotpaypaldotcom/some gibberish chars.

      It was signed by the PayPal Asia team.

      The fact that it didn't have a 's' (for secured) after the http raised a red flag to me. I am going to forward this to Paypal to see if it was a phishing attempt.

      Will keep everyone posted.

      Life is not a sprint, its a marathon. A bad start does not really matter too much

      {{ DiscussionBoard.errors[258739].message }}
  • Profile picture of the author Dixiebelle
    You wrote:

    I received a LEGITIMATE query from PayPal last week to verify
    address records with my account. This *sounds* like a follow
    up to that request!

    You didn't say whether this was a message in your Paypal message center, or a direct email to you. If this request came in an email, it was definately not from Paypal or ebay. They never, never, never ask you for personal info in an email.

    What you received last week was the pre-empt to the second one, in order to make the second one look legit.

    Never click on anything in those emails. If it is a legitimate request from Paypal, they always tell you to log into your account and check your messages. If an email message isn't also in your Message Center, then it isn't from Paypal or ebay.

    {{ DiscussionBoard.errors[258918].message }}
  • Profile picture of the author tommygadget
    I get those all the time. I also get spoofed emails from Bank of America, Citibank, Wells Fargo, etc. I don't have any accounts with them so it makes it easy to spot.

    {{ DiscussionBoard.errors[258923].message }}
  • Profile picture of the author gimmick
    Somebody actually hacked and used my eBay account few years back and I got a similar request from them, it was legitimate however, and the issue was solved by changing my password, but the above example is a dangerous example of how well some of these attempts made these days.
    {{ DiscussionBoard.errors[258981].message }}
  • Profile picture of the author mudmat
    Woa.. This is dangerous.. Just have to be careful when receiving emails from paypal and banks..
    {{ DiscussionBoard.errors[258999].message }}
  • Profile picture of the author Fendi Salim
    If you are opening the emails from outlook or similar,
    check the message souce from the internet header.

    If using outlook,

    1. Open Message
    2. Click File (Top Left)
    3. Click Properties
    4. Click Details
    5. Click Message Source
    6. Check the original source of the email
    >> Free Wordpress Themes << | WP Design Partner Wanted - PM Me
    {{ DiscussionBoard.errors[259036].message }}
  • Profile picture of the author Frank Donovan
    Originally Posted by drmani View Post

    Flags that indicate it isn't legitimate:

    1. No inclusion of my account name
    2. Wrong PayPal email address
    3. Cloaked link which is easy to spot
    Don't forget number 4:

    4. Poor English grammar (assuming you copied the message verbatim)

    TOP TIP: To browse the forum like a Pro, select "View Classic" from the drop-down menu under your user name.

    {{ DiscussionBoard.errors[259059].message }}

Trending Topics