‘How To Restore Your Account’ PayPal Phishing Scam

Email purporting to be from PayPal claims that your account has been limited and offers to guide you through the process of restoring the account.

Brief Analysis:
The email is not from PayPal and the claim that your account has been limited is untrue. The message is a phishing scam designed to steal your personal and financial information.

Subject: How to restore your accountDear Valued Client,

We regret to inform you that your account is limited as of today.
However, we will guide you on how you can restore your account.Please do understand that when an account is limited, there are
certain actions that we prevent, including sending, receiving,
or in rare cases, withdrawing money. To protect you and
your account, we have implemented such limitations to ensure
no unauthorized activity is done with your account.

How to lift the limitations:

It’s quite simple, we have sent a form that you can download and open from
the attached file in this email. Please
complete it, and provide the correct information
that we have asked.

We will then review your information, and take
all the necessary actions to remove the limitations from your account so it
will be restored back to its normal state.

We apologize for any inconvenience.

PayPal Security Team

Email contains an attached HTML file that opens the following form in your default browser.

How to restore your account PayPal scam email

Detailed Analysis:
According to this email, which claims to be from PayPal, your account has been limited as of today. The message explains that the company has implemented the limitations to ensure that ‘no unauthorized activity is done with your account’. The message goes on to explain how you can lift the limitation by opening an attached file and providing the ‘correct information’ via a verification form.

However, the email is not from PayPal  and the claim that your account has been limited is a lie designed to trick you into opening the attached file.

If you click the attachment, a form will load in your default browser. The form includes the PayPal logo in an effort to make it appear genuine. The form asks you to provide your name, DOB, social security number, home address, and phone number as well as your credit card numbers. After you provide the requested information, and click the ‘Submit Form’ button, you will be redirected to the genuine PayPal website.

But, meanwhile, the criminals can collect the information you provided and use it to steal your identity and conduct fraudulent transactions using your credit card.

Keep in mind that PayPal will NEVER ask you to provide sensitive personal and financial information via an unsecure form contained in an email attachment. And, genuine PayPal emails will ALWAYS address you by name. They will never use generic greetings such as ‘Dear Valued Client’ or ‘Dear Customer’.

PayPal phishing scams are very common.  Be cautious of any email or text message that claims that there is a problem with your account and you must therefore click a link or open an attached file to restore access or prevent an account suspension. Always access your PayPal account by entering the address into your browser’s address bar or via an official PayPal app.

You can report such scams via the reporting information published on the PayPal website.

Last updated: May 20, 2016
First published: May 20, 2016
By Brett M. Christensen
About Hoax-Slayer

‘You’ve Just Sent A Payment’ PayPal SMS Phishing Scam
PayPal ‘Your Account Is Temporarily Limited’ Phishing Scam
Phishing Scams – Anti-Phishing Information
Report a suspicious email or website