Example of a Paypal phishing attempt 

Posted on by Heimdal Security

We think examples are a great way to understand cyber security risks and attacks. This is why we want you to see how a Paypal phishing scam works.
 
We recommend you read the full story, but for those who want a summary, check out the details below.
 
Email contents:
 
From: PayPal <donotreply@godaddy.com>
Date: Sun 12/06/2016 18:10
Subject: Review your PayPal account limited statement
Attachment: Issue ID Number PP 8400-7911-20-00.html
 
Body content:
—————————————————————-
Review your PayPal account limited statement
—————————————————————- 
Dear PayPal Customer, 
 
 
We understand it may be frustrating not to have full access to your PayPal account. We want to work with you to get your account back to normal as quickly as possible.
 
As part of our security measures, we regularly check the PayPal screen activity. We request information from you for the following reason: 
Our system detected unusual charges to a credit card linked to your PayPal account. 
 
Download the attached form to verify your Profile information and restore your account access. And make sure you enter the information accurately, and according to the formats required. Fill in all the required fields. 
 
Thanks for joining the millions of people who rely on us to make secure financial transactions around the world. 
 
Regards,
PayPal
 
Some red flags you may have noticed are:

  • The sender address (GoDaddy is a website hosting company, so it’s an obvious scam)
  • The attachment with the weird name (banks and other financial services, such as Paypal, never send attached documents; they require you log into your account to download them)
  • The attachment format: HTML – this clearly leads to an online destination. Never click on these if you spot a similar scam! The phishers probably used an HTML attachment because people have learnt that clicking on weird links in emails is a very, very bad idea.
  • The lack of an official signature at the end of the email (although sometimes cyber attackers can fake those as well).

 
You should check out the entire story to see printscreens and other explanations. You may find this example very useful one day (soon)!

Leave a Reply

Your email address will not be published. Required fields are marked *