Alert: New PayPal Phishing Scam

July 7, 2015 | By Editor
1 Star2 Stars3 Stars4 Stars5 Stars

Comodo has identified a new PayPal phishing email, which is being sent via a server in Turkey. Because PayPal uses email to contact its customers, fraudsters can easily fake the name in the sender’s email address.

comodo containment

The email contains only a clickable image of a textual letter, with no text outside the image. The text in the image begins, “we need your help resolving an issue with your account.” The email redirects the user to a site in the Belarusian language, closely imitating the PayPal login page. The likely intention here is to forge PayPal accounts in a nefarious effort to collect credit card information.

While the user sees the message as having been sent from “PayPal Customer Service,” the email is actually sent from RFC Sender: PayPal’s “Common email scams” webpage explains how sophisticated fraudsters can fake the entire reply name to look like a legitimate sender, so be careful.

paypal phishing scam

The message redirects the user to “,” which initiates the following process:

1. The user is redirected to a PayPal imitation login page

2. Any and all user credentials–including erroneous account information–will lead to an extended loading process

3. Users are then requested to update their billing address

4. Users are informed to enter their credit card information

5. Now the user is redirected to the legitimate PayPal site

PayPal urges its users to report suspect emails to

According to PayPal’s website, emails from PayPal will:

Come from Scammers can easily fake the “friendly name,” but it’s more difficult to fake the full name. A sender such as “PayPal Service (” is not a message from PayPal. But sophisticated scammers can sometimes fake the full name, so look for other clues. An email from PayPal will always address you by your first and last names, or your business name.

Emails from PayPal will not ask you for sensitive information like your password, bank account, or credit card. A PayPal email will never contain any attachments or ask you to download or install any software.

Be Sociable, Share!

    Add new comment

    Your name

    You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


    What Hidden Threats LurkOn Your Endpoints?

    Get complete security from known and unknown threats from Comodo Endpoint Protection

    free threat scan

    How Secure is your network against Internet-based Attacks?

    Take the instant Network Security Assessment to get your security score!

    test my security now