PayPal “Account Access Limited” Phishing Scam

Outline:
Email purporting to be from PayPal claims that your account has been limited because PayPal needs more information to help confirm your identity or account information.




Brief Analysis:
The message is not from PayPal. It is a phishing scam designed to trick you into divulging your account login details, credit card numbers, and other personal information to cybercriminals.

Example:
Dear Customer,

We need your help resolving an issue with your account. To give us time to work together on this, we’ve temporarily limited what you can do with your account until the issue is resolved.We understand it may be frustrating not to have full access to your PayPal account. We want to work with you to get your account back to normal as quickly as possible.What’s the problem?We need a little bit more information about you to help confirm your identity.

Case ID Number: PP-001-487-280-335

PayPal Account Limited Scam

 

Example:
PayPal Account Access Limited Phishing Scam





Detailed Analysis:
According to this email, which purports to be from PayPal, your account has been limited because the company needs more information about you. The message claims that, in order to resolve the issue, you need to click an update button to provide information to help confirm your identity. A later version claims that you need to click a “log in” button to confirm your account information.

The message includes the PayPal logo.

However, the email is not from PayPal and the claim that the recipient’s account has been limited is a lie. Instead, the email is a phishing scam designed to trick you into giving your personal and financial information to online criminals.

The link in the message opens a bogus web page that is designed to emulate a genuine PayPal website. Once on the fake site, you will be asked to log in by providing your PayPal email address and password.

After submitting your login credentials, you will be taken to further bogus web pages that request contact and identity details and credit card information.

All of the information supplied can be collected by criminals and used to hijack your PayPal account and commit credit card fraud and identity theft.

When sending emails, PayPal will always address you by name, never “Dear Customer”, “Valued PayPal Member” or other generic greetings. Be very cautious of any message purporting to be from PayPal that claims that you must click a link or open an attachment to update account details or fix an account issue. If you receive such an email, do not click any links or open any attachments that it contains. It is always safest to login to your PayPal account by entering the address into your browser’s address bar rather than by clicking a link in an email.

You can report PayPal phishing scam emails that you receive via the reporting email address listed on the company’s website.




Last updated: December 5, 2016
First published: November 29, 2013
By Brett M. Christensen
About Hoax-Slayer

References
Phishing Scams – Anti-Phishing Information
PayPal ‘Verify to Resolve Account Limitations’ Phishing Scam
Report PayPal Phishing