PayPal phishing attack – would you have been fooled?

Here’s an email I received this morning claiming to come from PayPal, informing me that my account has been suspended because someone has been repeatedly trying (and failing) to access it.

Subject: A high number of failed login attempts have been recorded on your online account..

Message body:
We are sorry to inform you that your PayPal Account has been suspended.

A high number of failed login attempts have been recorded on your online account.

As a security measure we had to temporarily suspend your account. To restore your account we have attached a form to this email.

Please download the form and follow the instructions on your screen.

NOTE: The form needs to be opened in a modern, javascript enabled, browser (ex: Internet Explorer 8, Firefox 3, Safari 3, Opera 9).

We apologize for any inconvenience this may have caused.
Sincerely, the PayPal security team.

Copyright © 1999-2010 PayPal. All rights reserved.

Sounds scary, doesn’t it? After all, anyone trying to hack into your PayPal account is likely to be a cybercriminal.

Attached to the email is a file called “Your Account Has Been Suspended.html” which, if you open it in your browser, displays a form asking you for your credit card details and other personal information in order that PayPal can restore your account.


The only problem, of course, is that the email isn’t from PayPal and is instead an attempt by online hackers to steal your information.

You might not have fallen for a scam like this. But what about your elderly relatives or some of your colleagues in the office? Would they have recognised this email for the scam that it is?
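
A mail gateway or triage script can flag the pattern described above: an HTML attachment carrying a form that asks for card details. The following Python is an added example, not part of the original post; the field-name hints, the sample form markup and the collector.example URL are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Field-name hints for card and credential data (assumed list, tune for your mail flow).
SENSITIVE_HINTS = ("card", "cvv", "cvc", "expir", "ssn", "password")

class FormScanner(HTMLParser):
    """Collects form action URLs and the names of form fields."""
    def __init__(self):
        super().__init__()
        self.actions, self.fields = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag in ("input", "select", "textarea"):
            self.fields.append((a.get("name") or a.get("id") or "").lower())

def scan_message(raw_bytes):
    """Return one finding per HTML attachment that contains a data-collection form."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() != "text/html" and not name.lower().endswith((".html", ".htm")):
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", errors="replace")
        scanner = FormScanner()
        scanner.feed(body)
        hits = sorted({f for f in scanner.fields if any(h in f for h in SENSITIVE_HINTS)})
        if scanner.actions and hits:
            findings.append({"attachment": name, "form_actions": scanner.actions, "sensitive_fields": hits})
    return findings

def build_sample():
    """Constructed message mirroring the email above; form markup and URL are made up."""
    m = EmailMessage()
    m["Subject"] = "A high number of failed login attempts have been recorded on your online account.."
    m["From"] = "security@paypal.example"
    m.set_content("To restore your account we have attached a form to this email.")
    html = ('<form action="http://collector.example/submit" method="post">'
            '<input name="full_name"><input name="card_number"><input name="cvv">'
            '<input type="submit"></form>')
    m.add_attachment(html, subtype="html", filename="Your Account Has Been Suspended.html")
    return m.as_bytes()
```

A message that trips this check is a candidate for quarantine or a warning banner, since legitimate account notices rarely ship a data-entry form as an attachment.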