Comodo has identified a new PayPal phishing email, which is being sent via a server in Turkey. Because PayPal uses email to contact its customers, fraudsters can easily fake the name in the sender’s email address.
The email contains only a clickable image of a textual letter, with no text outside the image. The text in the image begins, “we need your help resolving an issue with your account.” The email redirects the user to a site in the Belarusian language, closely imitating the PayPal login page. The likely intention here is to forge PayPal accounts in a nefarious effort to collect credit card information.
While the user sees the message as having been sent from “PayPal Customer Service,” the email is actually sent from email@example.com (RFC Sender: firstname.lastname@example.org). PayPal’s “Common email scams” webpage explains how sophisticated fraudsters can fake the entire reply name to look like a legitimate sender, so be careful.
The message redirects the user to “www.serviceprint.by,” which initiates the following process:
1. The user is redirected to a PayPal imitation login page
2. Any and all user credentials–including erroneous account information–will lead to an extended loading process
3. Users are then requested to update their billing address
4. Users are asked to enter their credit card information
5. Now the user is redirected to the legitimate PayPal site
PayPal urges its users to report suspect emails to email@example.com.
According to PayPal’s website, emails from PayPal will:
Come from www.paypal.com. Scammers can easily fake the “friendly name,” but it’s more difficult to fake the full name. A sender such as “PayPal Service (zxk1942R3@gmail.com)” is not a message from PayPal. But sophisticated scammers can sometimes fake the full name, so look for other clues. An email from PayPal will always address you by your first and last names, or your business name.
Emails from PayPal will not ask you for sensitive information like your password, bank account, or credit card. A PayPal email will never contain any attachments or ask you to download or install any software.
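The traits described above (a PayPal friendly name on a non-PayPal address, a differing RFC Sender, an image-only body that links off-site) can be checked mechanically by a mail filter. The Python below is an added example, not code from Comodo or PayPal; the function name, signal labels and the sample message with its placeholder addresses and URL are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "paypal"             # brand claimed in the friendly (display) name
BRAND_DOMAIN = "paypal.com"  # domain genuine PayPal mail is expected to use

# Constructed sample: placeholder addresses and URL, not the real campaign's values.
SAMPLE = """\
From: "PayPal Customer Service" <billing@mailer.example>
Sender: bounce@relay.example
To: user@example.net
Subject: We need your help resolving an issue with your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://login.example/verify"><img src="http://login.example/letter.png"></a></body></html>
"""

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def in_brand_domain(host):
    host = (host or "").lower()
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def phishing_signals(raw):
    """Return the list of spoofing indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, from_addr = parseaddr(str(msg.get("From", "")))
    _, sender_addr = parseaddr(str(msg.get("Sender", "")))
    claims_brand = BRAND in name.lower()
    signals = []
    if claims_brand and not in_brand_domain(domain_of(from_addr)):
        signals.append("display-name-brand-mismatch")
    # Weak on its own (mailing services also set Sender), useful in combination.
    if sender_addr and domain_of(sender_addr) != domain_of(from_addr):
        signals.append("sender-from-mismatch")
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    visible_text = re.sub(r"<[^>]+>", "", html).strip()
    if "<img" in html.lower() and not visible_text:
        signals.append("image-only-body")
    hosts = {urlparse(u).hostname for u in re.findall(r'href="([^"]+)"', html, re.I)}
    if claims_brand and any(not in_brand_domain(h) for h in hosts):
        signals.append("link-outside-brand-domain")
    return signals
```

A message that trips several of these signals together is a much stronger candidate for quarantine than one that trips only the Sender check.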