Phishing Reading Time: 3 minutes

The Comodo Antispam Labs team has identified a new phishing threat, targeted at all businesses and consumers who use PayPal – a phishing threat designed to try and steal IDs, passwords and credit card information. PayPal has more than 169 million active accounts*

Email scams

The fake PayPal email claims that there has been unusual activity on the victim’s account and they need to confirm if the receiver of the mail is the account holder. The email then tells the potential victim to download an attachment and enter their account and card information. When the user downloads the attachment and fills in the form, the potential victim’s information is sent to the attackers.

The Comodo Antispam Labs team identified the PayPal phishing email through IP, domain, and URL analysis, and the Labs’ continuous monitoring and scanning of data from the users of Comodo’s internet security systems.

“The Comodo Antispam Lab is an expert resource of engineers and computer science professionals, who use innovative and proprietary Comodo cybersecurity technology to protect and secure the online world,” Fatih Orhan, Director of Technology for Comodo.  “We will continue to work diligently in creating and implementing innovative technology solutions that stay a step ahead of the cyber criminals, and keep enterprises and IT environments safe.”

If you feel your company’s IT environment is under attack from phishing, malware, spyware or cyberattacks, contact the security consultants at Comodo Antispam Labs

Captured from the Comodo Antispam Labs, screen grabs and information on the PayPal phishing emails are below.

*data pulled from PayPal’s web site:

Phishing Email and Screengrabs

From: paypal <>
Subject: We just need to confirm your billing address



The PayPal phishing email includes an attachment which is an html file. Upon opening the html file in an internet browser, a page opens which is replicated version of PayPal’s website. The purpose of this attachment is to steal the victim’s PayPal information and password.

In the first page it asks for the victim’s personal information, e-mail address and PayPal password.


It the second page, it asks for address information and a mother’s maiden name.


In the final page, they ask for the credit card information – all with a look, feel and style that simulates the email came from PayPal directly.


Once the potential victim fills in the final pieces of information, it is sent off the cyber criminals.

Website Security Software