PayPal “Suspicious Activities Notification” Phishing Scam

Email with the subject line “Notification PayPal : Suspicious Activities” claims that you have sent a payment of $863.98 USD for an iPhone 6 to “alie.xyy”.  It claims that that you should click a “Resolve it now” link if  you did not make the transaction.

Brief Analysis:
The email is not from PayPal. The link opens a fraudulent website that tries to trick you into divulging your PayPal login details, your credit card numbers, your name and address, and other sensitive personal information.

Subject: Notification PayPal : Suspicious Activities


Dear [Email address removed],

We confirm that you have sent to alie.xyy( a payment of $ 863.98 USD via PayPal.

This credit card transaction will be shown on your statement as “PAYPAL * Alie.Xy”.

This Isn’t you ?

Resolve It Now

PayPal reslove It now Phishing Scam Email

Detailed Analysis:
According to this email, which purports to be from PayPal, you have sent a payment of $863.98 USD for an iPhone 6 to a user named “alie.xyy”. The email, which is supposedly  a “suspicious activities” notification, advises that if the transaction described was not something you did, you can click a link to “Resolve it now”.

However, the email is not from PayPal and the suspicious activities claim is untrue. The transaction described in the email never took place. Instead, the email is a phishing scam designed to steal your personal and financial information.

The criminals responsible for this phishing attack hope that at least a few recipients, panicked into believing that their PayPal account has been used to conduct fraudulent transactions, will click the link in the hope of resolving the issue.

If you do click the link, you will be taken to a bogus website that has been built to closely emulate the genuine PayPal website.  The page asks you to login with your PayPal email address and password.

If you do “login” on the fake site, you will be taken to a second page that explains that your PayPal account has been limited and what you must do to restore access:

PayPal Account Limited Phishing Notice

If you click the “Continue” button, you will be taken through a series of fake forms that ask for your name, address, and contact details, your credit card numbers, and other identifying information such as your driver’s licence number and your mother’s maiden name:

PayPal Fake Update Form

At the end of the process, you may  see a final notification that claims that your account access has been restored.

But, alas, the criminals can now use the information you submitted on the fake site to hijack your PayPal account and use it to conduct fraudulent transactions. They can also use your credit card for further fraudulent transactions. And, they may have enough of your information to allow them to steal your identity.

PayPal phishing scams are very common and take many forms. Keep in mind that genuine PayPal emails will ALWAYS address you by name. They will not use generic greeting such as “dear customer”. Nor will they use your email address as a greeting. PayPal will NOT send you an email that demands that you click a link to resolve an account problem, deal with a security issue, or update account details.

It is always safest to login to your PayPal account by entering the address into your browser’s address bar or via a trusted app.

PayPal includes information about phishing and how to report scam messages on its website.

Last updated: October 18, 2016
First published: October 18, 2016
By Brett M. Christensen
About Hoax-Slayer

PayPal “Verification Required” Phishing Scam Email
‘We Noticed Some Unusual Activity’ PayPal Phishing Scam Email
PayPal ‘Your Account Is Temporarily Limited’ Phishing Scam
PayPal – Watch out for hoaxes, phishing and scams