Paypal phishing emails - scam attacks with actual examples

This article provides details on Paypal phishing emails and includes screenshots of these real world scam attacks. The Paypal logos are copyright of the company and were a part of the phishing emails I had received. They have been shown here for the purpose of educating the gullible, informing them of the potential danger of Paypal phishing emails and advising them in detail on how to identify such scam attacks.

What is Paypal?

Paypal is an online payment solution provider. It's like an online bank account at which you can receive funds and through which you can pay for products and services that you purchase on the web. Additionally, you can associate a real world bank account (even multiple) to one at Paypal and transfer (upload and withdraw) funds.

Payments via the Paypal account can be done through credit cards, bank accounts (linked to Paypal accounts), buyer credit or account balances. The Paypal mode of payment is offered at more than 100,000 web sites (the last time I checked this number) including eBay.com, the world's largest market place. In fact, on eBay.com, no additional fees is deducted from the buyers accounts when the payment is made through Paypal.

Why is Paypal information sensitive?

A typical Paypal account contains not only personal information but also credit cards and bank accounts details. Furthermore, your Paypal account can have "real money" - funds that you have uploaded or received. Sharing your Paypal account login details with fraudsters can result in direct losses of monies and theft of personal information. For instance, any funds stored at your account can be transferred to other accounts or be used to purchase goods/services online in a matter of minutes. If a bank account has been linked to a Paypal account, additional funds can be lost.

What do Pay pal phishing emails look like?

Paypal phishing emails have all the characteristics of a scam attack. The email subject is usually quite distressing and upsetting such as "Your Paypal account has been hijacked", "Your Paypal account has been blocked" etc. Some come in milder forms such as "An email address has been added to your Paypal account" which, though, seem harmless, are bound to elicit your interest.

Also, and this is important, a legitimate email from Paypal will be addressed to you - that is, it will carry your name (first name and last name). Usually, Paypal phishing emails will not have this information because, in most cases, scam artists have access only to the email address and not the full name of an individual.

Detecting Paypal phishing attacks with real world examples

Let us now look at some Paypal phishing emails I received. These are typical scam attacks and I have presented them as images (snapshots taken from Outlook Express email client). You can click on the image to view a full-scale version.

Paypal Phishing email example #1

This is an ill formed scam attack. Unless you are very gullible you would realize that this email simply cannot be from Paypal. The logo is absent and the formatting is all out of place. Also, legitimate emails from Paypal will carry your first and last name. And when you mouse over the "click here" and "Help" hyperlinks, the URL (displayed in the status bar of Outlook Express) is not of the Paypal web site.

Example #2

The formatting of the message is much better and informs you of a payment made by you (supposedly) to Debbie's RC World. Again, note that the email addresses no one in particular - it's just "Dear Paypal Member" when it should be addressed to you.

Example #3

This example too informs of a payment made by you. Though the email is very nicely formatted and looks quite like a legitimate Paypal email... where is your name? Also, if you mouse over the "Item Title" link, the URL points to an I.P. address and not to the Paypal web site - www.paypal.com. FYI, the URL is displayed in the status bar in Outlook Express once you move the mouse cursor over it.

Before we proceed, I would like to make one more point. The price of the item mentioned in the message is far lower than its retail price, which I suppose, is meant to entice you, It should, however, raise doubts in your mind!

Example #4

This is indeed a handsome Paypal phishing email - looks quite like a real email from the company. And coulpled with a distressing title - "Your account will be suspended" - makes it quite deadly. However, you can spot the scam - the email is addressed to no one in particualr and if you move the mouse cursor over the link (especially the big link in the center - "Click here to activate your account"), you'll find that the URLs do not go to the Paypal web site - though the phrase "www.paypal.com" occurs in both links.

Protecting your self from Pay pal phishing attacks

My sincere advice is not to act hastily. Take a moment to read the email and look for suspicious signs of a phishing attack. Also DO NOT CLICK on any links in the email. I suggest you open a fresh browser window and then go to the Paypal web site. This will take a few seconds more but is 100% safe. For extra safety or if you feel that you are susceptible to frauds, download and install antiphishing toolbars from Netcraft and Yahoo! The toolbars are available for both Internet Explorer and Firefox. And finally, if you do catch a phishing email, make it a point to report it to Paypal. You can learn more about Paypal phishing emails and scam attacks from the following links:

• The Phishing guide from Paypal
• Online Safety Essentials
• Understanding safer web browsers