PayPal is the latest popular company to be targeted by scammers, with a series of phishing emails asking users to provide personal data and even photos of their passports. A closer look at the phishing emails used to trick PayPal users into giving up their personal information and data reveals a few red flags to be aware of if you receive an email like this. Here’s what we learned from the PayPal phishing scam.
The phishing campaign began with a traditional phishing email that looks like it is coming from PayPal’s notification center and tells the recipient that the recipient’s email account has been limited because it was logged into from a new browser or device. The recipient must then verify his or her identity by clicking a button within the email, which directs the user to a landing page requesting personal information. If a user does continue to provide their information, what’s collected is their billing information, social security number, credit card with PIN information, and even an uploaded photo of their government-issued photo ID, passport or driver’s license.
Unfortunately, many people have fallen victim to this PayPal phishing scam, but a few points stick out to us that, if you notice them too, could help you avoid falling victim to this scam and others.
1. Although the email address reads “Support”, when you click or hover over the email address, [Service553659@ovh.com] appears, which is not a legitimate PayPal email address.
2. The button link that leads you to the landing page, which prompts you for personal information, reads “Secure and update my account now!”, an odd use of exclamation points.
3. The landing page looks like a legitimate PayPal login screen with the PayPal branding, but the URL reads (https://www.[.]leemou[.]com/files/sector/), which most definitely is not a PayPal URL.
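The first and third red flags can be checked mechanically. The following is an added example, not part of the original article: it parses a constructed sample message, compares the real sender address and every link host against paypal.com, and reports mismatches. The sender address is the one quoted above; the link host `www.landing-page.example` is a placeholder, and the names `red_flags`, `in_domain` and `LinkCollector` are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "paypal.com"  # domain PayPal says its emails and site use

# Constructed sample: sender address as quoted in the article; the link host
# is a placeholder standing in for the defanged landing-page URL.
SAMPLE = """\
From: "Support" <Service553659@ovh.com>
Subject: Your account has been limited
Content-Type: text/html; charset="utf-8"

<p>We noticed a login from a new browser or device.</p>
<a href="https://www.landing-page.example/files/sector/">Secure and update my account now!</a>
<a href="https://www.paypal.com/help">Help</a>
"""

def in_domain(host, domain):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

def red_flags(raw):
    msg = message_from_string(raw)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))  # display name vs. real address
    if not in_domain(addr.rpartition("@")[2], TRUSTED_DOMAIN):
        flags.append(f"sender '{display}' is really {addr}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href in parser.links:
        host = urlsplit(href).hostname  # where the button actually leads
        if not in_domain(host, TRUSTED_DOMAIN):
            flags.append(f"link points to {host}")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

The From header can be forged, so a message that passes these checks is not thereby proven genuine; the checks only surface the mismatches described in the list above.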
PayPal has issued a statement notifying all users that all legitimate emails will only come from PayPal.com addresses and will also address the customers by their first and last names. Emails will also never ask for sensitive information such as bank account information or passwords. PayPal recommends always making sure you enter www.PayPal.com into your browser instead of clicking any links inside an email. If you have any questions about a suspicious email you received from PayPal, or from any other company requesting sensitive information, feel free to reach out to us directly at 516-377-6585.