Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation

Divider









Phishing Scam Targets PayPal Users

Summary:
Email claims that the recipient's PayPal account will be suspended if he or she does not update account information.

Status:
False - The email is the first part of a scam designed to steal personal information.

Example:(Received August 2006)
[Text of scam message]

Subject: PayPal Account Suspension Notice - PayPal Account Limited

Dear valued PayPalŪ member:

It has come to our attention that your PayPalŪ account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.

However, failure to update your records will result in account suspension.

Once you have updated your account records, your PayPalŪ session will not be interrupted and will continue as normal.

To update your PayPalŪ records click on the following link:
[Link to fake website Removed]

Thank You.
PayPalŪ UPDATE TEAM

Screenshot of original scam email
HTML version of scam email


Commentary:
The phishing scam message shown above is typical of many other fraudulent emails that target users of online payment service, PayPal.

The scam email is formatted to look like a genuine PayPal message and includes official looking logos. The message warns recipients that their PayPal account will be suspended if they do not update their personal records. Recipients are instructed to click a link in the email to update their account. The message uses HTML to disguise the link so that it resembles a genuine PayPal web address.

Recipients who click on the bogus link are taken to the following fake PayPal login page:

Bogus Login page

Although the web page closely resembles a genuine PayPal page, it is in fact a fraudulent copy that tries to trick victims into entering their PayPal email address and password.

Once a victim logs in to the fake site, he or she is then asked to provide credit card details as shown in the screenshot below:

Fake Update Request

If the victim provides credit card details and clicks the "Submit" button, he or she is requested to provide other sensitive personal information on subsequent pages of the fake web form.

Information entered into the fake website can then be used by the scammers to access the victim's genuine PayPal account, use the victim's credit card and possibly even steal the victim's identity.

Be wary of any email that asks you to click a link and provide sensitive personal information such as passwords or credit card details. PayPal and other legitimate companies do not request such information from customers in this way. To learn how to recognise phishing scams and effectively protect yourself from this sort of fraud, follow the link below.

Phishing Scams - Anti-Phishing Information

The PayPal website also provides comprehensive information about PayPal related scams.


Important Note:
Phisher scammers target many financial institutions and online entities almost continually. At any one time, there may be a number of different scam email versions all directed at a particular bank or online company. Examples of scam emails included on this website may represent only a few of the plethora of versions that are being distributed at a particular time. The purpose of this article is to warn visitors that a particular institution is being targeted and to provide one or more examples of the type of scam emails being distributed. It is not intended to represent a comprehensive list of all such scam emails.

References:
Phishing Scams - Anti-Phishing
PayPal - Protect Yourself from Fraudulent Emails

Last updated: 7th August 2006
First published: 7th August 2006

Write-up by Brett M.Christensen