Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

PayPal 'Cancel Payment' Phishing Scam


Outline

Email purporting to be from PayPal claims that the recipient has sent a payment to a specified merchant and offers instructions for cancelling the payment if required.

Facebook phising
© Depositphotos.com/ rfphoto

Brief Analysis

The email is a phishing scam designed to trick recipients into divulging their PayPal account login details and a large amount of personal and financial information. All of the information supplied will be sent to online criminals and used to commit financial fraud and identity theft. The merchant or seller specified in the messages may vary in different incarnations of the scam. If you receive one of these bogus emails, do not click on any links or open any attachments that it contains.

Example

Receipt No: 4230-2939-1080-2029
You sent a payment of $56.00 AUD to Big W Photos Online.
It may take a few moments for this transaction to appear in the Recent Activity list in your Account Overview.
Merchant
Big W Photos Online.
+61 21300614359 Instructions to merchant
You haven't entered any instructions.
Description Unit price Qty Amount
$56.00 AUD 1 $56.00 AUD
Subtotal $56.00 AUD
Total $56.00 AUD
Payment $56.00 AUD
Payment sent to Big W Photos Online
Receipt No: 4230-2939-1080-2029Issues with this transaction?
If you belive this is an error please follow the link below to login to your paypal account.
On the next page, please complete the required details, then press the 'Cancel Payment' button to confirm. Your payment will be cancelled and the funds returned to your PayPal account.
https://www.paypal.com.au/AU/cgi-bin/helpweb?cmd=_help

PayPal Cancel Payment Phishing


div class="example">

PayPal Cancel Payment Phishing

Detailed Analysis

According to this email, which claims to be from online payment company PayPal, the recipient has sent a payment to a specified merchant or seller.
The email is professionally presented and includes the PayPal logo and seemingly official formatting and links. The message provides details of the supposed transaction and instructs recipients to click a 'cancel payment' link should they believe that the payment was sent in error.

But, although it closely resembles a genuine PayPal payment notification, the email is fraudulent. PayPal did not send the message and the listed transaction details are invalid.

The criminals responsible for this phishing expedition hope that at least a few recipients, believing that a fraudulent transaction has been made via their accounts, will be panicked into clicking the 'cancel payment' link.

Those who do click will be taken to a bogus website and asked to supply their PayPal email address and password on a fake login box. After logging in, they will be presented with the following web form, which asks for a large amount of personal and financial information:

PayPal Cancel Payment Phishing

All of the information supplied can be harvested by criminals and used to hijack the compromised PayPal accounts, commit credit card fraud and steal the identities of victims.

The merchant or seller specified in the scam emails may vary. Some may name a well-known merchant or company as the receiver of the sent funds. Others may use the names of what appear to be individual PayPal sellers.

Criminals have regularly used such tactics to steal information from PayPal customers. In another version, the scam emails falsely claim that a Skype Top-Up payment has been sent via the user's PayPal account. And, very similar 'You sent a payment' emails have been used to trick people into downloading malware.

If a PayPal phishing scam email hits your inbox, you can submit it to the company for analysis via the email address listed on the company's phishing information page. A quick rule of thumb. PayPal emails will ALWAYS address you by your first and last names or business name. They will never use generic greetings such as 'Dear customer'. Nor will they omit the greeting.

It is always safest to login to your PayPal account by entering the account address into your browser's address bar rather than by clicking a link in an email.



Last updated: March 5, 2014
First published: March 5, 2014
Written by Brett M. Christensen
About Hoax-Slayer

References
Phishing Scams - Anti-Phishing Information
Skype TopUp Payment PayPal Phishing Scam"
Paypal 'You Sent a Payment' Malware Emails
Fake PayPal emails - phishing






Latest Hoax-Slayer Articles