Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation



PayPal 'ASDA Stores Order' Phishing Scam

Outline
Email purporting to be from PayPal claims that the recipient has submitted an order for 59.99 GBP to Asda Stores.

Caution email fraud

© Depositphotos.com/ sangoiri



Brief Analysis
The message is not from PayPal. It is a phishing scam designed to steal personal and financial information from recipients.

Bookmark and Share
Example

Subject: You submitted an order amounting of 59.99 GBP to Asda Stores Limited

Thanks for using PayPal. Please note that this is not a charge. Your account will
be charged when the merchant processes your payment. You may receive multiple emails as  the merchant processes your order.

Your funds will be transferred when the merchant processes your payment. Any money in your PayPal account at that time will be used before any other payment source.

View the details of this transaction online

PayPal ASDA


Detailed Analysis


This message, which purports to be from online payment service PayPal, claims that the recipient has submitted an order of 59.99 GPP to Asda Stores Limited. The message, which closely emulates the style and formatting of a typical PayPal transaction notification email, invites recipients to click a link to view transaction details online.

The email is not from PayPal and the order details listed in the message are invalid. In fact, the message is a phishing scam that attempts to trick recipients into sending personal and financial information to Internet criminals.

The scammers hope that at least some recipients, panicked into believing that unauthorised transactions have been made via their PayPal account, will click the link seeking further information.

Those who do click the link will be taken to a fake PayPal website. The site runs a script that makes it appear that the visitor has been automatically logged into his or her PayPal account.

Once "logged in", the user will be presented with a fake form that asks for credit card details as well as contact and other personal information. When the user clicks "Submit" on the fake form, a "credit card is now secure" message will be displayed and the site will automatically redirect to the genuine PayPal website.

Meanwhile, the criminals can collect all of the information submitted via the fake form and use it to commit credit card fraud and identity theft.

PayPal customers are almost continually targeted by phishing scammers. When sending emails, PayPal will ALWAYS address you by name, never "Dear Customer" or other generic greetings.  Be wary of any PayPal email that claims that you must click a link to verify a payment or update account details.

It is always safest to login to your PayPal account by entering the address into your browser's address bar rather than by clicking a link in an email.

You can report PayPal phishing scam emails that you receive via the reporting email address listed on the company's website.

Bookmark and Share

Last updated: October 23, 2013
First published: October 23, 2013
By Brett M. Christensen
About Hoax-Slayer

References
Phishing Scams - Anti-Phishing Information
Skype TopUp Payment PayPal Phishing Scam
Send hoax emails to phishing@paypal.com.au