According to this email, which purports to be from PayPal, the company is making changes to its legal agreements and you therefore need to click a ‘Confirm Account’ button to accept the changes.
However, the email is not from PayPal. It is a phishing scam designed to steal your PayPal account login details and other personal information. Clicking the ‘Confirm’ link will take you to a fraudulent website that has been designed to emulate the genuine PayPal home page. If you click the login button on the fake website and supply your account login details, you will be taken to a bogus web form that asks you to ‘confirm’ your account by supplying your credit card numbers and other personal information.
All of the information you supply on the fake site can be collected by online criminals, who will hijack your PayPal account and use the account and your credit card for fraudulent activities.
At first glance, the email may seem genuine. It includes the PayPal logo and colour scheme. Moreover, PayPal does email customers to inform them of changes to legal agreements. However, a closer look reveals that the message contains grammatical errors that are unlikely to appear in a genuine PayPal email.
In addition, genuine PayPal messages will always address you by your first and last names. They will never use greetings such as ‘Dear Customer’, nor will they omit the greeting. Furthermore, genuine PayPal emails will never instruct you to click a direct link to confirm your account or update account information. Genuine PayPal policy update emails will usually include a notice such as the following:
To stay safe from phishing, we recommend you always type our URL into your browser address bar instead of clicking links in emails.
PayPal customers are almost continually targeted via phishing scams like this one. Be very wary of any email that claims that you must click a link or open an attached file to provide account information. As PayPal advises, it is always safest to type the company’s address into your browser’s address bar rather than clicking a link in an email.
The PayPal website includes an email address that you can use for reporting such scam attempts.
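The warning signs described above (a generic or missing greeting, and a link that asks you to confirm or update your account) can also be checked automatically when triaging reported messages. The following Python sketch is an added example, not part of the original article or any PayPal tooling; the word lists, the function name and both sample messages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Word lists are assumptions chosen for this example, not an official rule set.
GENERIC_GREETING = re.compile(r"^\s*(dear|hello|hi)\s+(customer|client|user|member)\b", re.I)
ACTION_WORDS = re.compile(r"\b(confirm|verify|update|log\s*in|click here)\b", re.I)

class _LinkCollector(HTMLParser):
    """Collects [href, anchor text] pairs and the visible text of an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag in ("p", "br", "div"):      # block tags start a new visible line
            self.text.append("\n")
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self.links.append([self._href, ""])
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:         # text inside <a>...</a>
            self.links[-1][1] += data

def phishing_indicators(html_body, full_name):
    """Return the warning signs from the article that this message trips."""
    p = _LinkCollector()
    p.feed(html_body)
    lines = [l.strip() for l in "".join(p.text).splitlines() if l.strip()]
    first = lines[0] if lines else ""      # the greeting, if any, is the first line
    found = []
    if GENERIC_GREETING.search(first):
        found.append("generic greeting")
    elif full_name.lower() not in first.lower():
        found.append("no greeting with first and last name")
    if any(ACTION_WORDS.search(text) for _, text in p.links):
        found.append("link asks to confirm or update account")
    return found

# Constructed samples: the link target and the customer name are placeholders.
SCAM = """<p>We wanted to inform you...</p>
<p>We're making some changes to the Legal Agreements PayPal.</p>
<a href="http://example.invalid/login">Confirm Account</a>"""
GENUINE = """<p>Hello, Jane Citizen</p>
<p>We're updating our legal agreements. Type our URL into your browser.</p>"""

if __name__ == "__main__":
    print(phishing_indicators(SCAM, "Jane Citizen"))
    print(phishing_indicators(GENUINE, "Jane Citizen"))
```

A message that trips none of these checks is not thereby proven genuine; the result is a prompt for closer inspection, not a verdict.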
An example of the scam email:
We wanted to inform you…
We’re making some changes to the Legal Agreements PayPal and wish to inform you.
We’re making some changes to the Legal Agreements PayPal, documents that govern our relationship with you. You can see the dictate the details of the changes in the page Policy Updates, which can also be accessed on Click Here by clicking “Legal agreements” in the lower part of the page, then “Policy Updates”.
What should you do?
Visit our Policy Updates to make sure you are together with the changes. If you are satisfied, you do not have to do anything. If you do not want accept the changes, follow the procedure described on page Policy Updates.