Phishing Emails on Tablet Screen
Home ScamsPhishing Scams PayPal ‘Verify to Resolve Account Limitations’ Phishing Scam

PayPal ‘Verify to Resolve Account Limitations’ Phishing Scam

by Brett M. Christensen

Outline

Email, purporting to be from PayPal, claims that the recipient’s account has been limited and that he or she must log in via a link in the message to resolve the issue.

Brief Analysis

The email is not from PayPal and the claim that the user’s account has been limited is untrue. Those who follow the link will be taken to a fake PayPal website that attempts to steal their login details and other personal and financial information.

Example

Verify Identity

Dear Customer,

You may have noticed that some limitations have been placed on you PayPal account. As a valued PayPal customer, we want to le you know what this means an how to resolve the situation.

What does it mean to have limited access?
• Send money to other PayPal users
• Request or receive money from other user
• Edit or remove account details
• Close your PayPal account

How do I resolve the issue?

The account limitation process helps to maintain PayPal as a safer way to buy and sell. It’s similar to passing through a security checkpoint. When we limit an account we often simply ask the user to supply information to verify their identity, financial information or the merchandise they’re selling.

Log on www.paypal.com

PayPal aims to review account information within 48 hours so please aim to get the information to us as soon as possible.
Reviews are performed in the order they are received.

Yours sincerely,
PayPal

Screenshot of scam email

PayPal verify identity phishing email

 

Detailed Analysis

This message, which appears to come from online payment service PayPal, claims that the recipient’s account access has been limited, supposedly as a safety precaution. According to the email, the recipient can resolve the issue by following a PayPal login link in the message and supplying information that will verify his or her identity.

However, the email is not from PayPal. The claim that the account has been limited is a lie designed to trick the recipient into following the link supplied in the message. In fact, the email is a phishing scam that attempts to trick PayPal users into divulging their account login details and other personal and financial information.
Those who follow the link will be taken to a sophisticated, but entirely fake “PayPal” website that has been carefully designed to mirror the real thing. The casual observer might find it difficult to notice any difference between the fake webpage and the genuine PayPal site. If the victim goes ahead and enters his or her login details on the fake webpage, the following “Confirm your identity” web form will appear. The form asks for the victim’s name, address and contact details as well as his or her credit card information:

PayPal confirm identity phishing website

Any information submitted on the fake website – including the user’s PayPal login details – can be collected by the criminals running this phishing expedition. Once they have collected this information from their victim, the criminals can then use it to login to his or her real PayPal account, steal more personal information and make fraudulent PayPal transactions. They can also use the stolen credit card information to commit credit card fraud.

Although the bogus website looks genuine at first glance, a closer appraisal soon reveals telltale signs that skulduggery is afoot. Firstly, none of the navigation tabs or secondary links on the fake login page actually work. Secondly, the web address is not a genuine PayPal domain name. Thirdly, and most importantly, neither the login facility nor the online form use a secure (https) web address. No genuine website or online service would ask users to submit sensitive personal or financial information on a non-secure web page.

The scam email itself also employs an oft-used scammer tactic by disguising the link so that it appears to point to a genuine PayPal web address. While the login link in the message displays as “www.paypal.com”, the actual link underneath is, in fact, an entirely different address.

Because it conducts its operations primarily online and via email, PayPal has become an ongoing target for phishing scammers. Be cautious of any message purporting to be from PayPal that asks you to follow a link to supply personal or financial information. Always log in to PayPal by entering the PayPal address into your web browser.

PayPal has published information on its website that helps users identify phishing scams.  

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer