Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share







PayPal 'Verify to Resolve Account Limitations' Phishing Scam

Outline
Email, purporting to be from PayPal, claims that the recipient's account has been limited and that he or she must login via a link in the message to resolve the issue.



Brief Analysis
The email is not from PayPal and the claim that the user's account has been limited is untrue. Those who follow the link will be taken to a fake PayPal website that attempts to steal their login details and other personal and financial information.

Bookmark and Share
Detailed analysis and references below example.





Scroll down to submit comments
Last updated: 11th November 2011
First published: 11th November 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Verify Identity

Dear Customer,

You may have noticed that some limitations have been placed on you PayPal account. As a valued PayPal customer, we want to le you know what this means an how to resolve the situation.

What does it mean to have limited access?
Send money to other PayPal users
Request or receive money from other user
Edit or remove account details
Close your PayPal account

How do I resolve the issue?

The account limitation process helps to maintain PayPal as a safer way to buy and sell. It's similar to passing through a security checkpoint. When we limit an account we often simply ask the user to supply information to verify their identity , financial information or the merchandise they're selling.

Log on www.paypal.com

PayPal aims to review account information within 48 hours so please aim to get the information to us as soon as possible.
Reviews are performed in the order they are received.

Yours sincerely,
PayPal

Screenshot of scam email

PayPal Verify Identity Scam Email




Detailed Analysis
This message, which appears to come from online payment service PayPal, claims that the recipient's account access has been limited, supposedly as a safety precaution. According to the email, the recipient can resolve the issue by following a PayPal login link in the message and supplying information that will verify his or her identity.

However, the email is not from PayPal. The claim that the account has been limited is a lie designed to trick the recipient into following the link supplied in the message. In fact, the email is a phishing scam that attempts to trick PayPal users into divulging their account login details and other personal and financial information.

Those who follow the link will be taken to a sophisticated, but entirely fake "PayPal" website that has been carefully designed to mirror the real thing. The casual observer might find it difficult to notice any difference between the fake webpage and the genuine PayPal site. If the victim goes ahead and enters his or her login details on the fake webpage, the following "Confirm your identity" web form will appear. The form asks for the victim's name, address and contact details as well as his or her credit card information:

Fake PayPal Confirmation Form

Any information submitted on the fake website - including the user's PayPal login details - can be collected by the criminals running this phishing expedition. Once they have collected this information from their victim, the criminals can then use it to login to his or her real PayPal account, steal more personal information and make fraudulent PayPal transactions. They can also use the stolen credit card information to commit credit card fraud.

Although the bogus website looks genuine at first glance, a closer appraisal soon reveals telltale signs that skulduggery is afoot. Firstly, none of the navigation tabs or secondary links on the fake login page actually work. Secondly, the web address is not a genuine PayPal domain name. Thirdly, and most importantly, neither the login facility nor the online form use a secure (https) web address. No genuine website or online service would ask users to submit sensitive personal or financial information on a non-secure web page.

The scam email itself also employs an oft-used scammer tactic by disguising the link so that it appears to point to a genuine PayPal web address. While the login link in the message displays as "www.paypal.com", the actual link underneath is in fact an entirely different address.

Because it conducts its operations primarily online and via email, PayPal has become an ongoing target for phishing scammers. Be cautious of any message purporting to be from PayPal that asks you to follow a link to supply personal or financial information. Always login to PayPal by entering the PayPal address into your web browser. PayPal has published information on its website that helps users identify phishing scams.

Bookmark and Share References
Difference Between http & https
Check Links in HTML Emails
Phishing Guide



Last updated: 11th November 2011br /> First published: 11th November 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer