Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation








Issue 131 - May 2012 (2nd Edition) - Page 1

Paypal 'We Need Your Help Resolving an Issue With Your Account' Phishing Scam

Issue 131 Start Menu

Next Article

Outline
Email purporting to be from Paypal claims that the company needs the recipient's help to resolve an account issue and that the account has been limited until "a little bit more information" about the account holder has been provided.



Brief Analysis
The email is not from Paypal. The message is a phishing scam designed to trick users into divulging their Paypal login details and other personal and financial information to Internet criminals.

Bookmark and Share
Detailed analysis and references below example.

Enter your email address to subscribe to the Hoax-Slayer Newsletter:






Last updated: 14th May 2012
First published: 14th May 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: We need your help resolving an issue with your account !

We need your help

Dear Customer,

We need your help resolving an issue with your account. To give us time to work together on this, we've temporarily limited what you can do with your account until the issue is resolved.

We understand it may be frustrating not to have full access to your PayPal account. We want to work with you to get your account back to normal as quickly as possible.

What's the problem?

We need a little bit more information about you to help confirm your identity.

Case ID Number: PP-001-487-280-335


Click To Confirm

How you can help

It's usually pretty easy to take care of things like this. Most of the time, we just need a little more information about your account or latest transactions.

To help us with this and to find out what you can and can't do with your account until the issue is resolved, log in to your account and go to the Resolution Center.

Sincerely,
PayPal

Paypal Phishing Email




Detailed Analysis
According to this email, which purports to be from online payment service, Paypal, the recipient's Paypal account has been limited because the company needs more information about the account holder. The email claims that the account holder can help Paypal resolve the issue - and lift the imposed limitations - by clicking a link in the message and providing "a little more information" about the account and recent transactions.

However, the email is not from Paypal. Nor has the recipient's account been limited as claimed. The message is just one more fraudulent email in a continuing barrage of phishing scams that target Paypal users. Those who are taken in by the ruse and click the link as instructed will be taken to a bogus webpage made to look virtually identical to the genuine Paypal website. Once on the fake page, they will be prompted to login with their username and password combination. After "logging in", victims will be asked to provide detailed personal and financial information, as depicted in the following screen shot of the scam website:

Paypal Phishing Email - Fake Update Form

All the information submitted via the bogus login screen and via the fake "Profile Update" form can be collected by the criminals running the scam and used to hijack the user's Paypal account as well as to commit credit card fraud and identity theft.

As such scams go, this one is a little more sophisticated than some others of its ilk. The text of the scam message is more carefully worded - and grammatically more accurate - than many typical phishing scams. The address of the fake website includes "paypal" along with a long string of numbers and letters. This ruse is designed to trick users into thinking that they are actually going to a real Paypal site. A closer examination of the web address reveals that it actually points to a site that has no connection with Paypal at all but simply incorporates the word "paypal" to create an illusion of legitimacy. The fake site includes all of the elements and navigation links that will be familiar to Paypal users. However, clicking these links does not lead to another part of the site as expected but simply reloads the same scam form. Moreover, as is typical with phishing scam websites, the bogus form is not on a secure (https) webpage. No legitimate financial entity is ever likely to ask customers to provide sensitive personal or financial information on a non-secure web page.

Because it conducts its business primarily online and communicates with customers extensively via email, PayPal has long been a primary target for phishing scammers. Be very cautious of any email purporting to be from Paypal that asks you to click a link or open an attachment to supply account information. Watch for fake links disguised as genuine PayPal addresses. And Paypal emails will never include attached forms. Genuine PayPal emails will not use generic greetings such as "Dear Customer". They will always greet you by your first and last name. Paypal has provided information on its website that helps people to recognize and avoid phishing scams.

Bookmark and Share

References
Phishing Scams - Anti-Phishing Information
Difference Between http & https
Paypal 'Strange IP from a Different Location' Phishing Scam
PayPal 'Your Credit Card Information Has Changed' Phishing Scam
Your Guide to Phishing

Next Article

Issue 131 Start Menu

Pages in this issue:
  1. Paypal 'We Need Your Help Resolving an Issue With Your Account' Phishing Scam
  2. Boy Shot By Step Dad Charity Hoax
  3. One Direction Facebook Page Hacker Warning Message
  4. Windows Live 'Account Blocked' Phishing Scam
  5. 'Quilts in the Snow Photographs' - The Art of Simon Beck
  6. Shark Behind Scuba Divers Photo Hoax
  7. Facebook Survey Scam - Free Oakleys To All Facebook Users!
  8. Gang Initiation Warning Hoax - Infant Car Seat Left On Roadside
  9. Do Not Call - Mobile Phones Going Public Hoax
  10. Amazon 'Order Cancellation' Pharmacy Spam Emails
  11. Commonwealth Bank Phishing Scam - Online Access Suspended Message
  12. Circus Cruelty to Animals Protest Message - Baby Elephant Photograph
  13. Survey Scam - Free $1000 Walmart Gift Card Text Message
  14. Pharmacy Spam Emails Purport to be From YouTube
  15. Hoax - Picture of 'World's Largest Tortoise'
  16. Santander Online Banking Software Upgrade Phishing Scam
  17. Apple Store Account Phishing Scam
  18. Legitimate: 'Reminder to Update Your Legacy Blogger Account' Email