Paypal 'We Need Your Help Resolving an Issue With Your Account' Phishing Scam

Outline
Email purporting to be from Paypal claims that the company needs the recipient's help to resolve an account issue and that the account has been limited until "a little bit more information" about the account holder has been provided.



Brief Analysis
The email is not from Paypal. The message is a phishing scam designed to trick users into divulging their Paypal login details and other personal and financial information to Internet criminals.

Detailed analysis and references below example.





Last updated: 14th May 2012
First published: 14th May 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: We need your help resolving an issue with your account !

We need your help

Dear Customer,

We need your help resolving an issue with your account. To give us time to work together on this, we've temporarily limited what you can do with your account until the issue is resolved.

We understand it may be frustrating not to have full access to your PayPal account. We want to work with you to get your account back to normal as quickly as possible.

What's the problem?

We need a little bit more information about you to help confirm your identity.

Case ID Number: PP-001-487-280-335


Click To Confirm

How you can help

It's usually pretty easy to take care of things like this. Most of the time, we just need a little more information about your account or latest transactions.

To help us with this and to find out what you can and can't do with your account until the issue is resolved, log in to your account and go to the Resolution Center.

Sincerely,
PayPal





Detailed Analysis
According to this email, which purports to be from the online payment service Paypal, the recipient's Paypal account has been limited because the company needs more information about the account holder. The email claims that the account holder can help Paypal resolve the issue - and lift the imposed limitations - by clicking a link in the message and providing "a little more information" about the account and recent transactions.

However, the email is not from Paypal. Nor has the recipient's account been limited as claimed. The message is just one more fraudulent email in a continuing barrage of phishing scams that target Paypal users. Those who are taken in by the ruse and click the link as instructed will be taken to a bogus webpage made to look virtually identical to the genuine Paypal website. Once on the fake page, they will be prompted to log in with their username and password combination. After "logging in", victims will be asked to provide detailed personal and financial information, as depicted in the following screenshot of the scam website:

[Screenshot: Paypal Phishing Email - Fake Update Form]

All the information submitted via the bogus login screen and via the fake "Profile Update" form can be collected by the criminals running the scam and used to hijack the user's Paypal account as well as to commit credit card fraud and identity theft.

As such scams go, this one is a little more sophisticated than some others of its ilk. The text of the scam message is more carefully worded - and grammatically more accurate - than many typical phishing scams. The address of the fake website includes "paypal" along with a long string of numbers and letters. This ruse is designed to trick users into thinking that they are actually going to a real Paypal site. A closer examination of the web address reveals that it actually points to a site that has no connection with Paypal at all but simply incorporates the word "paypal" to create an illusion of legitimacy.

The fake site includes all of the elements and navigation links that will be familiar to Paypal users. However, clicking these links does not lead to another part of the site as expected but simply reloads the same scam form. Moreover, as is typical with phishing scam websites, the bogus form is not on a secure (https) webpage. No legitimate financial entity is ever likely to ask customers to provide sensitive personal or financial information on a non-secure web page.

Because it conducts its business primarily online and communicates with customers extensively via email, PayPal has long been a primary target for phishing scammers. Be very cautious of any email purporting to be from Paypal that asks you to click a link or open an attachment to supply account information. Watch for fake links disguised as genuine PayPal addresses. And Paypal emails will never include attached forms. Genuine PayPal emails will not use generic greetings such as "Dear Customer". They will always greet you by your first and last name. Paypal has provided information on its website that helps people to recognize and avoid phishing scams.
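The warning signs described above (the brand name inside an unrelated web address, a page that is not https, a generic greeting, an attached form) can be expressed as a small checker. This is an added example, not part of the original article and not PayPal's own tooling; the trusted domain, the sample link and the sample message text are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: paypal.com is the only domain treated as genuine in this sketch.
TRUSTED_DOMAIN = "paypal.com"
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(customer|user|member|client)\b", re.I | re.M)

# Constructed samples (the article does not publish the real scam address).
SAMPLE_LINK = "http://paypal.com.account-update.example/cgi/9f3a2b7c/login"
SAMPLE_BODY = "Dear Customer,\n\nWe need your help resolving an issue with your account."

def check_link(url):
    """Return the warning signs found in one link target."""
    parts = urlsplit(url)
    # hostname drops any "user@" prefix and port, so "paypal.com@other.example"
    # is judged by the host the browser would really contact.
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    genuine = host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)
    if not genuine:
        warnings.append("host is not paypal.com")
        if "paypal" in url.lower():
            warnings.append("brand name used in unrelated address")
    if parts.scheme.lower() != "https":
        warnings.append("not https")
    return warnings

def check_email(body, links, has_attachment=False):
    """Combine greeting, attachment and link checks for one message."""
    findings = []
    if GENERIC_GREETING.search(body):
        findings.append("generic greeting")
    if has_attachment:
        findings.append("attachment present")
    for url in links:
        findings.extend(f"{url}: {w}" for w in check_link(url))
    return findings

if __name__ == "__main__":
    for finding in check_email(SAMPLE_BODY, [SAMPLE_LINK]):
        print(finding)
```

The host comparison matters more than a substring search: "paypal" appearing anywhere in the address proves nothing, while the registered domain the browser actually contacts does.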


References
Phishing Scams - Anti-Phishing Information
Difference Between http & https
Paypal 'Strange IP from a Different Location' Phishing Scam
PayPal 'Your Credit Card Information Has Changed' Phishing Scam
Your Guide to Phishing
