Most of the time, the Gmail and Yahoo servers will identify malicious emails if similar ones were previously reported as phishing. However, if for some reason they do not, be aware of a scheme to rob users of their vital PayPal information.
On October 4, 2018, the fraudulent message in this writer’s email read:
Dear [User Name],
To keep using the money in your PayPal balance to send or spend, you’ll need to confirm your account information by [Date]. This is one of the ways to keep your account secure.
You’ll want to pay special attention to this because we noticed that you’ve set up at least one automatic payment. That means you’ve authorized a vendor or retailer to automatically change your PayPal Business account when you buy something for certain sites or pay for something on a recurring basis, like a subscription.
Next, in a larger font: “You’ve got options.” Then there are two separate options to select from: “Continue using your PayPal balance, or Don’t use your PayPal balance.” In the first, the directions tell users to use the link provided to confirm the information. The latter wants the user to link either a bank account or a card by clicking the button below.
There are 11 attachments provided. Do not attempt to download any of them. While it is unknown what these downloads would do to a computer or network, they may infect the hard drive with a Trojan horse or other harmful code, which would give the hackers access to all of the user’s data.
Gmail posts the following notice in the email to prevent users from giving this phishing expedition the vital data needed to hack their PayPal accounts:
Please do not reply to this email. We are unable to respond to inquiries sent to this address. For immediate answers to your questions, visit our Help Center by clicking “Help” located on any PayPal page or email.
PayPal, Inc. is Licensed as a Money Transmitter by the New York State Department of Financial Services. PayPal, Inc., NMLS #910457, License #FT3345, Massachusetts Foreign Transmittal License. PayPal, Inc., Transmit Money By Check, Draft or Money Order By The Department of Banking, Commonwealth of Pennsylvania. PayPal, Inc. Rhode Island Licensed Money Transferor. PAYPAL, INC., NMLS #910457, LICENSE #34967, IS LICENSED BY THE GEORGIA DEPARTMENT OF BANKING AND FINANCE.
Copyright © 2018 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131
Reports of this phishing expedition date back years. The first showing in a Google search is dated 2002, when consumers asked the PayPal Community if these emails were a scam or not. Through the years the message has changed, but the fact remains that this is a sophisticated and dangerous hoax.
WeLiveSecurity by ESET tested a similar hoax in 2017. Their findings support the warnings from Gmail and Yahoo. They opened the specified link and were presented with a realistic-looking PayPal login landing page “that even has an SSL certificate to suggest it’s authentic.” ESET continues its warning:
Notice the domain has nothing to do with PayPal sites, but rather are scam URLs. As with other campaigns, scammers typically use a myriad of dynamically generated domain names — sometimes slight variations on the real name — which is another clue that something isn’t right.
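The comparison ESET describes, checking the domain a link really points to against PayPal's own, can be done mechanically. The Python below is an added example, not code from ESET or from this article; the trusted-domain list, the 0.8 similarity threshold and the sample links are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "paypal"
TRUSTED = ("paypal.com",)  # assumption: the only registrable domain accepted as genuine

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify(href, text):
    """Judge a link by the host it really points to, never by how it looks."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "ok" if parts.scheme == "https" else "trusted-host-not-https"
    # HTTPS on any other host proves nothing: certificates are available to anyone.
    labels = re.split(r"[^a-z0-9]+", parts.netloc.lower())
    if any(SequenceMatcher(None, l, BRAND).ratio() >= 0.8 for l in labels):
        return "lookalike"        # brand, or a near-spelling of it, on a foreign host
    if BRAND in text.lower():
        return "text-mismatch"    # visible text names the brand, the target does not
    return "foreign"

def scan(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(urlsplit(h).hostname, classify(h, t)) for h, t in collector.links]

# Constructed sample body; every non-PayPal host is made up (reserved .example names).
SAMPLE = """<a href="https://www.paypal.com/signin">Log in</a>
<a href="https://paypal.com.account-verify.example/login">Confirm your information</a>
<a href="https://paypa1.example/confirm">Continue</a>
<a href="https://billing.example/update">www.paypal.com</a>
<a href="http://www.paypal.com/help">Help</a>"""
```

Only the first sample link passes; the others are flagged whether or not they use HTTPS, which is why the certificate ESET mentions is no sign of authenticity.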
When Snopes investigated similar PayPal emails, they warned it is a scam:
Both eBay and PayPal (eBay bought out PayPal in 2002) swear they never ask for personally identifiable information via email, and both have stopped including web site hot links in messages to members. Ergo, if you get an email “from” one of these entities asking you for credit card or banking account number, it’s not the real thing.
These phishers also target users with requests supposedly from the IRS and other websites. All of them ask for updated personal information. Do not be fooled. Users must report any such message that lands in the inbox to the email provider being used.
There is a difference between spam and phishing. According to AO Kaspersky Lab:
“Spam is the electronic equivalent of the ‘junk mail’ that arrives on your doormat or in your postbox.”
Phishing Scam emails are sent “in order to obtain passwords, credit card numbers, bank account details and more.”
If opened, both spread malicious code onto users’ computers. Kaspersky recommends creating a “public” email address to use when posting to public forums, chat rooms, mailing lists, and internet services. Keep a personal address for private communication.
Be safe: if in doubt as to the sender’s identity, do not open the email. Most scammers log the data relayed once the mail is opened, even if no information is exchanged. Be cautious and report anything that seems suspicious.
Written by Cathy Milne-Ware
AO Kaspersky Lab: What is Spam and a Phishing Scam? – Definition
WeLiveSecurity by ESET: PayPal users targeted in sophisticated new phishing campaign
SNOPES: PayPal Scam
Featured Image Courtesy of Rachel Smith’s Flickr Page – Creative Commons License
Top and Inset Screenshots by Cathy Milne – Personal Gmail Account