Beware of this very convincing PayPal phishing scam

midian182

In brief: Scammers know the best way to get people to fall for a phishing email is to make it convincing and suggest a lack of response will result in financial penalties. A new campaign that uses fake PayPal invoices meets both of those requirements, and it's proving successful.

Krebs on Security reports that the phishing emails claim to be an invoice from PayPal's billing department asking for $600. Most people these days know to check the sender's email address in suspicious messages to see if it looks fake, but this one originates from PayPal.com. The email even includes a link to PayPal.com that displays the invoice.

Moreover, the message headers show it passed email validation checks as originating from PayPal, and it was sent through an internet address assigned to the payment company. Not only does this make it an extremely convincing phishing scam, but it should also guarantee the message is delivered and doesn't end up in recipients' spam folders.

The included message might not be worded as professionally as what you'd expect from a major company like PayPal. Nevertheless, it lacks the spelling or grammatical errors that can expose emails as scams.

"There is evidence that your PayPal account has been accessed unlawfully," it reads. "$600.00 has been debited to your account for the Walmart Gift Card purchase. This transaction will appear in the automatically deducted amount on PayPal activity after 24 hours. If you suspect you did not make this transaction, immediately contact us at the toll-free number."

Calling the phone number is where the scam begins in earnest. Victims are greeted by a so-called "customer service" rep who doesn't identify any company. They explain that the only way to address the issue and avoid paying the money is to visit a specific website and download a remote administration tool. Anyone who does download this software will soon find they've lost a lot more than $600.

Krebs writes that the invoices appear to have come from a compromised or fraudulent PayPal Business account, a type of account that allows users to send invoices. The emails' convincing setup means many have already fallen for the scam; comments on the Krebs post include claims of people being robbed of over $1,000. The best response to emails like this one, of course, is to log into the service directly to check for any suspicious activity.

With much of the online world now more tech-savvy than ever before, criminals know their scams need to be much more convincing than pretending to be a Nigerian prince. A recent one in the UK involved random victims receiving fake Microsoft Office USB sticks in realistic MS packaging.
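The detail that matters for defenders is in the second and third paragraphs: a message can pass SPF, DKIM and DMARC and still be fraudulent, because it really was sent through the vendor's own invoicing system. The script below is an added example, not code from TechSpot, Krebs on Security or PayPal. It records the authentication verdicts but bases its decision on content signals that the story and its commenters point to: a callback phone number, urgency wording, a generic "Dear PayPal User" salutation and an oddly spaced amount such as "$600. 00". Both sample messages, the domain paypal.example and the 555 phone number are constructed for the example.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Constructed sample messages (not the real phishing email). The first mimics an
# invoice sent through the vendor's own invoicing system, so SPF/DKIM/DMARC all
# pass; the domain paypal.example and the 555 phone number are placeholders.
SAMPLE_SCAM = """\
From: "PayPal" <service@paypal.example>
To: victim@example.net
Subject: Invoice from PayPal Billing Dept
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=paypal.example;
 dkim=pass header.d=paypal.example;
 dmarc=pass header.from=paypal.example
Content-Type: text/plain; charset="utf-8"

Dear PayPal User,

There is evidence that your PayPal account has been accessed unlawfully.
$600. 00 has been debited to your account for the Walmart Gift Card purchase.
If you suspect you did not make this transaction, immediately contact us at
the toll-free number 1-800-555-0199.
"""

# A constructed benign invoice carrying the very same authentication results.
SAMPLE_LEGIT = """\
From: "PayPal" <service@paypal.example>
To: jane@example.net
Subject: Invoice from Example Shop
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=paypal.example;
 dkim=pass header.d=paypal.example;
 dmarc=pass header.from=paypal.example
Content-Type: text/plain; charset="utf-8"

Hi Jane Doe,

Example Shop sent you an invoice for $25.00. Log in to your account to view or pay it.
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
PHONE_RE = re.compile(r"\b(?:1[-.\s]?)?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b")
GENERIC_SALUTATION_RE = re.compile(
    r"^\s*dear\s+(?:\w+\s+)?(?:user|customer|member)\b", re.I | re.M
)
BROKEN_AMOUNT_RE = re.compile(r"\$\d[\d,]*\.\s+\d{2}\b")  # "$600. 00" style
URGENCY_WORDS = ("immediately", "unlawfully", "suspended", "debited")


def auth_results(msg: EmailMessage) -> dict:
    """Collect the spf/dkim/dmarc verdicts from the Authentication-Results header."""
    header = str(msg.get("Authentication-Results", ""))
    return {m.group(1): m.group(2).lower() for m in AUTH_RE.finditer(header)}


def content_signals(body: str) -> list:
    """Content-level tells that survive a perfectly authenticated sender."""
    signals = []
    if PHONE_RE.search(body):
        signals.append("callback phone number in body")
    hits = [w for w in URGENCY_WORDS if w in body.lower()]
    if hits:
        signals.append("urgency language: " + ", ".join(hits))
    if GENERIC_SALUTATION_RE.search(body):
        signals.append("generic salutation")
    if BROKEN_AMOUNT_RE.search(body):
        signals.append("oddly formatted amount")
    return signals


def triage(raw: str) -> dict:
    """Parse a raw RFC 5322 message and decide whether to route it for review."""
    msg = email.message_from_string(raw, policy=policy.default)
    auth = auth_results(msg)
    authenticated = all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    signals = content_signals(body)
    # Authentication is recorded but never used to clear the message: two or
    # more content signals route it for review regardless of the verdicts.
    verdict = "review" if len(signals) >= 2 else "deliver"
    return {"authenticated": authenticated, "auth": auth, "signals": signals, "verdict": verdict}


if __name__ == "__main__":
    for label, raw in (("scam", SAMPLE_SCAM), ("legit", SAMPLE_LEGIT)):
        print(label, triage(raw))
```

Both samples report `authenticated: True`; only the first is routed for review, which is the point: header validation tells you who sent the mail, not whether the invoice note is honest. The thresholds and word list are deliberately simple and would be tuned against real mail flow before use in a filter.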


 
"the only way to address the issue and avoid paying the money is to visit a specific website and download a remote administration tool."

Sorry but in what way is that convincing? A fool is easily parted with their money.

I still have a land line - I do various things when called by someone on the subcontinent - one time I said straight away, "Shall I install TeamViewer?" - they said yes please. Normally I speak softly, then blow my ref's whistle (kids' teams when I did it).
Should just do the old person ruse - pretend deafness - must find my hearing aid = just lay the phone down and forget it. If they phone back, just fake old-timer's (Alzheimer's).
 
"the only way to address the issue and avoid paying the money is to visit a specific website and download a remote administration tool."

Sorry but in what way is that convincing? A fool is easily parted with their money.
People who are not tech savvy still run on the principle of "computers are magic". They just see they have a major bill that was done "in error" and PayPal sends them a link to fix it.
 
"The included message might not be worded as professionally as what you'd expect from a major company like PayPal. Nevertheless, it lacks the spelling or grammatical errors that can expose emails as scams."

No, it has an error that stands out immediately to me, but it may be something most people don't notice. Where it shows the amount of $600 it has it written as "$600. 00" as well as the extra space between the "a. m." and "p. m."....plus, you don't need to use AM or PM when you're putting time in as military.

People are dumb as hell, it seems.
 
I would NEVER use the phone number provided in an email. I'd log into PayPal and contact them through that. PayPal has NEVER contacted me through emails like that and I'd be suspicious immediately.
Agreed. PayPal users should realize that PayPal would take care of this based on their policy, and why the hell are they contacting you saying there is evidence your account was accessed unlawfully? I would suspect that they would say "evidence of fraudulent activity".

"The included message might not be worded as professionally as what you'd expect from a major company like PayPal. Nevertheless, it lacks the spelling or grammatical errors that can expose emails as scams."

No, it has an error that stands out immediately to me, but it may be something most people don't notice. Where it shows the amount of $600 it has it written as "$600. 00" as well as the extra space between the "a. m." and "p. m."....plus, you don't need to use AM or PM when you're putting time in as military.

People are dumb as hell, it seems.
There is also an English error in this that comes to my attention immediately - and it is "for the Walmart eGift card". Proper English would be "for A Walmart eGift Card". The e-mail does have some errors which would get my warning bells going.

People should not panic when they see e-mails like this, and should react calmly. IMO, phishers know that getting people into panic mode is a sure way for their phishing attempt to succeed. IMO, panic is the modus operandi behind attempts like this.
 
Everyone should be following "Krebs On Security" who continually exposes things like this. That said, it's good to see this one here too since it's a convincing threat.
 
Everyone should be following "Krebs On Security" who continually exposes things like this. That said, it's good to see this one here too since it's a convincing threat.
Moral of the story: Be suspicious of any e-mail like this.
 
"The included message might not be worded as professionally as what you'd expect from a major company like PayPal. Nevertheless, it lacks the spelling or grammatical errors that can expose emails as scams."

No, it has an error that stands out immediately to me, but it may be something most people don't notice. Where it shows the amount of $600 it has it written as "$600. 00" as well as the extra space between the "a. m." and "p. m."....plus, you don't need to use AM or PM when you're putting time in as military.

People are dumb as hell, it seems.

Indeed, but the sad thing is: The internet has shown us the last few years how many people can't even tell the difference between "too / to", "your /you're", "their / there"....etc...it's truly tragic, and could be costly!!
 
Or you could actually log into your account (not via any link in the e-mail) and verify this. If you have a PayPal account you should have a modicum of internet skills. Always verify these things independently and, if in doubt, contact PayPal via the real website details.

Banks never ever ask for these things via email BTW.
 
Agreed. PayPal users should realize that PayPal would take care of this based on their policy, and why the hell are they contacting you saying there is evidence your account was accessed unlawfully? I would suspect that they would say "evidence of fraudulent activity".


There is also an English error in this that comes to my attention immediately - and it is "for the Walmart eGift card". Proper English would be "for A Walmart eGift Card". The e-mail does have some errors which would get my warning bells going.

People should not panic when they see e-mails like this, and should react calmly. IMO, phishers know that getting people into panic mode is a sure way for their phishing attempt to succeed. IMO, panic is the modus operandi behind attempts like this.
Well, it's obvious (or not) to anyone who's natively speaking English. I didn't notice those details until you both pointed them out, since English is not my primary language (did I even use the term "primary" right?).

It is good to read these articles though to remind us not to be too quick to respond. Greed is a powerful motivator.
 
I still have a land line - I do various things when called by someone on the subcontinent - one time I said straight away, "Shall I install TeamViewer?" - they said yes please. Normally I speak softly, then blow my ref's whistle (kids' teams when I did it).
Should just do the old person ruse - pretend deafness - must find my hearing aid = just lay the phone down and forget it. If they phone back, just fake old-timer's (Alzheimer's).

But guess what? I just found out the hard way that PayPal no longer accepts landline numbers and won't let you access your account unless you provide a mobile one. An hour later, support says it's fixed so I can now access it, but what happens next time? Bad policy IMHO, not everyone has or is willing to use their cell phone for that purpose... like me.
 
People should not panic when they see e-mails like this, and should react calmly. IMO, phishers know that getting people into panic mode is a sure way for their phishing attempt to succeed. IMO, panic is the modus operandi behind attempts like this.
When people don't have the brain-power to properly process something like this, an emotional response is what they have. People fear what they don't understand and fear leads to panic.
 
But guess what? I just found out the hard way that PayPal no longer accepts landline numbers and won't let you access your account unless you provide a mobile one. An hour later, support says it's fixed so I can now access it, but what happens next time? Bad policy IMHO, not everyone has or is willing to use their cell phone for that purpose... like me.
Lots of companies make it very hard to negotiate with them; information is hidden layers deep. You have to do other steps first.
When you find a direct phone number by some magic art, you save it to a file.
Even claiming some bonus cash back with some companies is made hard, with warnings that if it is not filled in correctly it will not be looked at.
 
Or you could actually log into your account (not via any link in the e-mail) and verify this. If you have a paypal account you should have a modicum of internet skills. Always these things independently and if in doubt, contact paypal via the real website details.

Banks never ever ask for these things via email BTW.
AFAIK, PayPal is not a bank. That's how they have gotten away with some of their sketchier actions.
 
I forward all suspicious pay pal emails to pay pal and pay pal reply's thanking me! spoof@paypal.com
Well, it's a good thing you can spot fake emails, because you'd be somewhat inept at writing one. I know it's impolite to be a "grammar Nazi", but since spotting misspellings is part of the topic, I'll proceed.

I know of no example or reason in English where "reply" would be used as a possessive or a contraction. (Which is not to say there aren't any.) However, in this case, Pay Pal "replies" is correct. You could get away with Pay Pal as the possessor. Sic: "Pay Pal's replies to my notifications were to say 'thank you'."
 
Indeed, but the sad thing is: The internet has shown us the last few years how many people can't even tell the difference between "too / to", "your /you're", "their / there"....etc...it's truly tragic, and could be costly!!
Rap music and texting are the final two (or is that "to", or, "too? :rolleyes: ), nails in traditional English's coffin. What thinkest thou?

Besides, we have emojis now. Why, you could write a novel with them now, just like the Neanderthals did on their cave walls.
 
"The included message might not be worded as professionally as what you'd expect from a major company like PayPal. Nevertheless, it lacks the spelling or grammatical errors that can expose emails as scams."

No, it has an error that stands out immediately to me, but it may be something most people don't notice. Where it shows the amount of $600 it has it written as "$600. 00" as well as the extra space between the "a. m." and "p. m."....plus, you don't need to use AM or PM when you're putting time in as military.

People are dumb as hell, it seems.

The most obvious tell is that the e-mail begins, "Dear PayPal User". PayPal always uses your first and last name in the salutation.
 
Never ever have I fallen for any online scam or phishing.
Just use your best judgement, and stop clicking on every random piece of crap.
To avoid getting scammed, type the company's website manually into the URL window, and go from there.
 