A wave of PayPal phishing emails

Filed Under: Phishing, Spam

Over 200 million people have accounts on PayPal, making it a key target for internet fraudsters attempting to steal money.

One of the way that criminals try to get their hands on your cash is by phishing for your PayPal account details.

An aggressive campaign that we have seen widely spammed out in the last few hours does precisely that, pretending to be a security warning from PayPal.

PayPal phishing email

From: "PayPal" <tax@ato.gov.au>

Subject: Please confirm your identity

Attached file: update-account.html

Message body:
When you will complete the document we have sent, remember to ALLOW javascript and ActiveX to run from the bar that will pop-up, otherwise we cannot verify the informations you have provided.

February 22, 2011:Valued PayPaI Member, We have reasons to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.


Thank you for your time and understanding, PayPal Resolution Center.

Clicking on the HTML attachment will open your web browser, and might trick you into believing that you are on the genuine PayPal webpage.

Attached file steals PayPal information

However, this attack's intention is to trick you into handing over your credit card details, full date of birth and name and address.

If you're ever uncertain whether a message really comes from PayPal or not, visit the real PayPal website and log in as usual. If they really have a security message for you, you'll be able to read it via the PayPal messaging system itself.

Sophos products intercept the emails being used in this latest phishing campaign, ensuring that customers are protected.

, ,

You might like

7 Responses to A wave of PayPal phishing emails

  1. Andrea · 1653 days ago

    I've received these e-mails several times purportedly from PayPal, but didn't fall for it. However, someone did hack my Visa number last year and used it to run up about $2000 in charges. This had to be from some online site, as I don't use my Visa card otherwise. Scary stuff, but Visa made good and refunded the fraudulent charges eventually. I immediately got a new card and number. I hate to think of how many people actually fall for this scam.

  2. Kris · 1653 days ago

    One of the biggest clues to these phishing emails is the lack of correct English grammar and spelling. You'd think these idiots would at least TRY to make it appear more legit.

  3. Adina · 1653 days ago

    Real mail from PayPal is always addressed to you by name, which gives you a really good clue for spotting fakes.

  4. Lorna · 1653 days ago

    Also, if you receive a phishing email be sure to tell the company involved.

  5. Jeremy · 1652 days ago

    Strange how it's coming from the 'Australian Taxation Office' yet it still says Paypal?

  6. JoJo · 1649 days ago

    When I had an active paypal account, I use to get these all the time. I only used paypal for ebay purchases but don't buy from ebay or use paypal anymore.

    I've had to close out numerous yahoo email accounts because I kept getting phishing emails from spammers using legit companies. I stopped using yahoo as an email source. I've been using gmail, so far no problems.

  7. gman · 1500 days ago

    Ah, but is this a real genuine article, or is this a ruse saying pay pal is otherwise safe to use, and don't make corrections to your account so we can continue to steel from it:) LOL

    I didnt fall for the false query either, but it is good to know that people like Graham are posting these things to keep us all in the know. The dead giveaway for me was the .gov.___The second DOT was the first clue.
    Thanks Dude!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley