PayPal Logo on Tablet Computer
Home ScamsPhishing Scams PayPal ‘ASDA Order’ Phishing Scam

PayPal ‘ASDA Order’ Phishing Scam

by Brett M. Christensen

Outline

Emails purporting to be from PayPal claim that the recipient has submitted an order to ASDA.

Brief Analysis

The emails are not from PayPal. They are phishing scams designed to steal personal and financial information from recipients.

Example

Subject: Receipt for your PayPal payment to ASDA Direct

Dear user ID –
You sent a payment of £ 399.99 GBP to ASDA Direct.

Thanks for using PayPal. To see all the transaction details, log in to your PayPal account.

It may take a few moments for this transaction to appear in your account.

PayPal ASDA Phishing Scam 1

 

Subject: You submitted an order amounting of 59.99 GBP to Asda Stores Limited

Thanks for using PayPal. Please note that this is not a charge. Your account will
be charged when the merchant processes your payment. You may receive multiple emails as the merchant processes your order.

Your funds will be transferred when the merchant processes your payment. Any money in your PayPal account at that time will be used before any other payment source.

View the details of this transaction online

PayPal ASDA Phishing Scam 2

 

Detailed Analysis

These messages, which purport to be from online payment service PayPal, claim that the recipient has submitted an order to ASDA. The emails include information about the supposed order. Details such as the type of item and the item price may vary in different versions of the emails.
The messages, which closely emulate the style and formatting of a typical PayPal transaction notification email, invite recipients to click a link to view transaction details online. Some versions include a ‘dispute transaction’ link instead.

The emails are not from PayPal and the order details listed in the message are invalid. In fact, the messages are phishing scams that attempt to trick recipients into sending personal and financial information to Internet criminals.

The scammers hope that at least some recipients, panicked into believing that unauthorised transactions have been made via their PayPal account, will click the link to dispute the transaction or seek further information.

Those who do click the link will be taken to a fake PayPal website. The site either runs a script that makes it appear that the visitor has been automatically logged into his or her PayPal account or asks the visitor to enter the account login details.

Once ‘logged in’, the user will be presented with a fake form that asks for credit card details as well as contact and other personal information. When the user clicks ‘Submit’ on the fake form, the site will automatically redirect to the genuine PayPal website.

Meanwhile, the criminals can collect all of the information submitted via the fake form and use it to commit credit card fraud and identity theft.

PayPal customers are almost continually targeted by phishing scammers. When sending emails, PayPal will ALWAYS address you by name, never’Dear Customer’ or other generic greetings. Be wary of any PayPal email that claims that you must click a link to verify a payment or update account details.

It is always safest to login to your PayPal account by entering the address into your browser’s address bar rather than by clicking a link in an email.

You can report PayPal phishing scam emails that you receive via the reporting email address listed on the company’s website.



Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer