sb-au logo
Story image

PayPal phishing scam uses 'safety' features to trick people

26 Jul 2019

The wave of scam and phishing emails just doesn’t stop. This time, a bunch of PayPal scam emails are doing the rounds, and this time they’re more devious than ever. 

These scams use safety features to steal victims’ confidential data, and are ‘brandjacking’ trusted names in the industry to conduct their attacks.

In this case, a newsletter email service called was compromised at some point. Attackers are using this service to send fake emails with the display name “PayPal”.

According to security firm MailGuard, the message is a ‘confirmation’ that a new email address has been added to their PayPal account.

The email then asks users to click a link that says ‘let us know right away’ if they did not add the email address to the account. 

When users click on the link, they are taken to a clone of the PayPal website – but that website is anything but real. The page leads to another PayPal-branded login page requesting users for an email or mobile number.

When users click ‘next’, they are asked for their password. They then appear to ‘log in’ to PayPal.

Users are then asked to update their billing address.

When they do so, they are then asked for their credit card information.

After they’ve done all that, they are then redirected to the genuine PayPal website.

“Several techniques have been employed in this email to look like a genuine notification from PayPal, including the usage of high-quality graphical elements such as the company’s logo and branding,” comments MailGuard.

“Another technique is the attempt to evoke urgency; telling the recipient to ‘let us know right away’ creates a sense of anxiety and panic that their account isn’t safe. This also motivates the recipient to click on the provided link right away, distracting them from checking the sending address of the email and looking out for any other errors.”

“It is also interesting to note that the body of the scam email is, ironically, focused on securing the users’ PayPal accounts. This only adds on to the sense of legitimacy evoked by the email as security updates such as a new email address is a common notification expected of such a well-established company. All this serves to elicit a more confident response from recipients who think they are, in fact, making their accounts more secure by clicking on the provided link and entering their confidential login details.”

MailGuard says if people are sure if an email is genuine, they should contact the company directly. People should also:

•    Beware of emails that contain grammatical or branding errors, but purport to be from reputable organisations.
•    Always hover your mouse over the links contained in emails in order to check their legitimacy – don’t click them unless you are sure they are safe.
•    To ensure safety, type the URL of the organisation you are intending to visit manually into your browser or navigate through Google search to find the correct website before entering your credentials.
•    Be particularly wary of emails asking you to supply personal details that the purported organisation should already know, especially those which ask for credit card or bank account details.

Story image
Singapore makes an example of remote working in APAC, but security concerns persist
Respondents are most concerned about WiFi networks (39%), cloud storage (38%), email (36%), new technologies like IoT and 5G (34%), and video conferencing platforms (31%).More
Story image
Adoption of cloud-native apps high but security remains an issue - report
While most organisations today are using cloud-native apps, Kubernetes and microservices, they struggle to secure and connect the complex environments resulting from them. More
Story image
IDC names ESET a Major Player second year running
“ESET is strong in the areas of threat research, especially around Android malware identification and behavior detection.”More
Story image
Video: 10 Minute IT Jams - Vectra AI exec discusses cybersecurity for Office 365
In Techday's second IT Jam with Vectra AI, we speak again with its head of security engineering Chris Fisher, who discusses the organisational impact of security breaches within Microsoft O365, why these attacks are on the rise, and what steps organisations should take to protect employees from attacks.More
Story image
Organisations continue to get hit hard by cyber attacks
Trend Micro published survey findings revealing 23% of global organisations suffered seven or more attacks infiltrating their networks or systems over the past 12 months.More
Story image
AustCyber research shows huge potential of cybersecurity market
For the first time, the gross value added (GVA) of Australia’s cybersecurity sector can be estimated, at $2.3 billion. More