Sophisticated bogus PayPal emails lead to phishing

PayPal users are currently being targeted with emails purportedly coming from the e-payment giant and asking for their help:

Dear Customer,

We need your help resolving an issue with your account. To give us time to work together on this, we’ve temporarily limited what you can do with your account until the issue is resolved.

We understand it may be frustrating not to have full access to your PayPal account. We want to work with you to get your account back to normal as quickly as possible.

What’s the problem?

We need a little bit more information about you to help confirm your identity.

The email contains a link that will supposedly take the users to PayPal’s login page, but unfortunately lands them on a spoofed one.

Once the users “log in”, they are asked to fill in a boatload of personal and financial information, including their name, birth date, phone number, home address; debit/credit card type, number, expiration date and card verification number; their social security number and two of their security questions and answers.

Of course, once submitted, this information is sent directly to the scammers who can then use it to hijack the users’ PayPal account and perform identity theft.

Hoax-Slayer warns that this scam is a bit more sophisticated than previous ones, as the text of the scam message is rather accurate, and the address of the fake website includes “paypal” along with a long string of numbers and letters.

“The fake site includes all of the elements and navigation links that will be familiar to Paypal users. However, clicking these links does not lead to another part of the site as expected but simply reloads the same scam form,” he points out. “Moreover, as is typical with phishing scam websites, the bogus form is not on a secure (https) webpage.”

Don't miss