Convincing Fake PayPal Email is making the rounds.
Most often, phishing emails can be distinguished fairly easily by their poor grammar, spelling and general sloppiness. However, this new round of fake emails mimicking PayPal has many people concerned. The quality of the phish is excellent, with well-tailored IP masks, legitimate image links and perfect duplication of all the nuances that are part of a real PayPal payment notification.
The phish is designed to instill panic in the victim with a fake notification that they have made an extremely high payment from their PayPal account. The goal is to get the victim to click on the “Transaction ID” to verify the payment. The click inevitably leads the victim to a hacked website. Of course, we don’t click on these elements, so we are unable to confirm the exact activity that the criminal conducts, but it is not unusual for the link to either install a virus on the victim’s computer or trick the victim into releasing more information by impersonating the real website, which in this case would be PayPal.
If you receive this email you should NOT click on any element within the email. Forward it to: firstname.lastname@example.org and they will take care of it with their legal team.
If it’s too late and you have already clicked on the link, you should immediately contact PayPal to report the issue, then reboot your computer into safe mode and run a full system virus scan. If you entered any personal or financial information, immediately contact your bank.
Below is a copy of what the fake PayPal email looks like. Note that email names, payees, dates and transaction numbers all vary. The subject line also varies and has been reported as:
- Your PayPal Ebay.com Payment
- Your PayPal.com Transaction Confirmation
- You have made an Ebay.com Purchase
Please make sure to notify your family and friends to watch out for this fake email.
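An added example, not part of the original article: a triage check for a reported message that matches the subject lines listed above and flags any link, such as the “Transaction ID” link, whose host is not PayPal's. The sample message, the `compromised-site.example` host, the transaction ID and the function names are constructed for illustration, and treating `paypal.com` as the only trusted link domain is an assumption.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

REPORTED_SUBJECTS = {  # subject lines reported in the article, lower-cased
    "your paypal ebay.com payment",
    "your paypal.com transaction confirmation",
    "you have made an ebay.com purchase",
}
TRUSTED_DOMAIN = "paypal.com"  # assumption: genuine links stay on this domain

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def on_trusted_domain(url):
    host = (urlsplit(url).hostname or "").lower()
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def triage(raw_message):
    """Report whether the subject is a known lure and which links leave PayPal."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    off_domain = [link for link in collector.links if not on_trusted_domain(link[0])]
    return {"reported_subject": str(msg["Subject"]).strip().lower() in REPORTED_SUBJECTS,
            "off_domain_links": off_domain}

# Constructed sample message (hypothetical host and transaction ID).
SAMPLE = """\
Subject: Your PayPal.com Transaction Confirmation
Content-Type: text/html; charset="utf-8"

Transaction ID: <a href="http://compromised-site.example/pp/">8XK12345AB678901C</a>
<a href="https://www.paypal.com/">Log in</a>
"""
```

The host comparison matches the domain suffix rather than a substring, so a lookalike such as `paypal.com.compromised-site.example` is still reported as off-domain.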