PayPal phish asks to verify transactions—don't do it

PayPal phish asks to verify transactions—don’t do it

There’s a number of fake PayPal emails going around right now claiming that a recent transaction can’t be verified. If your response to this is, “What transaction?” read on. If your response to this is, “Oh no, not my recent transaction!” you should still read on. Why? Because scammers have both eyes and at least one virtual hand on your cash, assuming you follow their direction.

Here’s two examples of how these mails are being named from one of our mailboxes:

paypal phish mails

Click to enlarge

[New Transaction Statements] we’re letting you know : We couldn’t verify your recent transactions

[New Activity Statements] [Account Hold] Re : Your payments processed cannot completed

Here’s the most recent email in question:

paypal phish mail

Click to enlarge

We couldn’t verify your recent transaction Dear Client,We just wanted to confirm that you’ve changed your password. If you didn’t make this change, please check information in here. It’s important that you let us know because it helps us prevent unauthorised persons from accessing the PayPal network and your account information. We’ve noticed some changes to your unsual selling activities and will need some more information about your recent sales.

Verify Information Now Thank you for your understanding and cooperation. If you need further assistance, please click Contact at the bottom of any PayPal page.Sincerely,PayPal

Clicking the button takes potential victims to a fake PayPal landing page, which tries very hard to direct them to a “resolution center.” The URL is:

myaccounts-webapps-verify-updated-informations(dot)epauypal(dot)com/myaccount/e6abe

fake paypal landing page

Click to enlarge

ΡayΡaI is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, To help us provide you with a secure service. We would like to return your account to regular standing as soon as possible. We apologise for the inconvenience. Why is my account access limited?

Your account access has been limited for the following reason(s) • December 1, 2017: We notice some unusualy activity on your PayPaI account.

As a security precaution to protect your account until we have more details from you, we’ve place a limitation on your account ( Your case ID for this reason is PP-003-523- 280- 570 ) How can I help resolve the issue on my account?

It’s usually easy to resolve issues like this. Most of the time, we just need a little more information about your account transactions To help us resolve this issue, please log in to your account and go to the ResoIution Center to find out what information You need to provide. We’ll review the information you provide and email you if we need more details. Completing all the checklist items will automatically restore your account access.

From here, it’s a quick jump to two pages that ask for the following slices of personal information and payment data:

  1. Name, street address, city, state, zip, country, phone number, mother’s maiden name, and date of birth
  2. Credit card information (name, number, expiration code, security code)
paypal phish website personal info request

Click to enlarge

paypal phish website card request

Click to enlarge

Sadly, anyone submitting their information to this scam will have more to worry about than a fictional declined payment, and may well wander into the land of multiple actual not-declined-at-all payments instead. With a tactic such as the above, scammers are onto a winner—there’ll always be someone who panics and clicks through on a “payment failed” missive, just in case. It’s an especially sneaky tactic in the run up to December, as many people struggle to remember the who/what/when/where/why of their festive spending.

Whatever your particular spending circumstance, wean yourself away from clicking on any email link where claims of payment or requests for personal information are concerned. Take a few seconds to manually navigate to the website in question. and log in directly instead. If there are any payment hiccups happening behind the scenes, you can sort things out from there. Scammers are banking on the holiday rush combined with the convenience of “click link, do thing” to steal cash out from under your nose.

Make it an (early) New Year’s resolution to make things as difficult for the scammers as possible. You can report PayPal phishing attempts here. And if in doubt, at least delete the email.

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.