Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Paypal 'Strange IP from a Different Location' Phishing Scam

Outline
Email purporting to be from Paypal, claims that the customer must verify account information because a "strange ip from a different location" attempted to login and account access has therefore been limited for security reasons.



Brief Analysis
The email is not from Paypal. In fact, the message is a phishing scam designed to trick PayPal customers into handing over account and credit card details to criminals.

Bookmark and Share
Detailed analysis and references below example.



Last updated: 14th May 2011
First published: 14th May 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: This is a service notification from PayPal regarding important ................ to your accounts or services.

[Paypal logo]

========================================================================================
Please note: This is a service notification from PayPal regarding important to your accounts or services.
========================================================================================
Dear Customer,

A strange ip from a different location was recently login into your PayPal account and we have decided to limitate your account on our ongoing effort to protect your account and our relationship, we monitor your account for possible fraudulent activity.

As a result, we require you to confirm and verify your account information By Clicking Here and completing the confirmation process.

If you spot a transaction you don't recognise call us immediately on [Removed] as soon as possible.

Sincerely,
PayPal Fraud Prevention Department




Detailed Analysis

©iStockphoto.com/Stuart Hickling

Paypal phishing Scam
This email, which claims to be from online payment service Paypal, warns the recipient that, due to suspected fraudulent activity, it is necessary to confirm and verify account information. According to the message, a "strange ip from a different location" recently attempted to login to the account and the "PayPal Fraud Prevention Department" has therefore decided to "limitate" the account as a precaution. The recipient is instructed to follow a link in the message in order to complete the account confirmation process.

However, the message is certainly not from Paypal and the claims that fraudulent activity has been detected on the recipient's account is untrue. In fact, the message is a phishing scam designed to trick unsuspecting Paypal users into divulging their Paypal account details to Internet criminals. Recipients who fall for the ruse and click the link in the message will be taken to a bogus website designed to mirror the appearance and functionality of a genuine Paypal web page. Once on the fake site, victims will be first asked to enter their Paypal email address and password in order to "log in". They will then be presented with a "verification" form that asks them to provide credit card numbers and other sensitive personal information, ostensibly as a means of confirming their identity and restoring full account access. Both the scam email and the bogus website include familiar Paypal logos and other elements designed to make them appear genuine.

All information entered on the bogus website - including the Paypal login credentials - will be collected by the scammers responsible for the phishing attack. Using this stolen personal information, these criminals can then access their victims' real PayPal accounts as well as make fraudulent use of their credit cards.

Largely because it is an online entity that regularly communicates with customers via email, Paypal has been continually targeted by phishing scammers over a number of years. Paypal will never send you an email asking you to follow a link and provide account details as a means of confirming your account. Paypal will never ask you to provide passwords or bank and credit card details via an email. Moreover, genuine Paypal emails will never use generic greetings such as "Dear Customer". Genuine Paypal emails will always address you by name. Paypal scam emails can often be identified by poor spelling, unusual grammar and calls for "urgent" action from recipients.

If you receive an email purporting to be from Paypal that you suspect may be fraudulent, do not follow any links in the message. Do not open any attachments that the email may contain. Always login to your Paypal account by typing the address in your browser's address bar rather than by following a link in an email.

Paypal has published information warning customers about such phishing scams on its website.

Bookmark and Share References
Phishing Scams - Anti-Phishing Information
Paypal New Message Phishing Scam
"Paypal - Your Guide to Phishing:


Last updated: 14th May 2011
First published: 14th May 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer