
PayPal ‘Verify to Resolve Account Limitations’ Phishing Scam

by Brett M. Christensen

Outline

Email, purporting to be from PayPal, claims that the recipient’s account has been limited and that he or she must log in via a link in the message to resolve the issue.

Brief Analysis

The email is not from PayPal and the claim that the user’s account has been limited is untrue. Those who follow the link will be taken to a fake PayPal website that attempts to steal their login details and other personal and financial information.

Example

Verify Identity

Dear Customer,

You may have noticed that some limitations have been placed on you PayPal account. As a valued PayPal customer, we want to le you know what this means an how to resolve the situation.

What does it mean to have limited access?
• Send money to other PayPal users
• Request or receive money from other user
• Edit or remove account details
• Close your PayPal account

How do I resolve the issue?

The account limitation process helps to maintain PayPal as a safer way to buy and sell. It’s similar to passing through a security checkpoint. When we limit an account we often simply ask the user to supply information to verify their identity, financial information or the merchandise they’re selling.

Log on www.paypal.com

PayPal aims to review account information within 48 hours so please aim to get the information to us as soon as possible.
Reviews are performed in the order they are received.

Yours sincerely,
PayPal

[Screenshot: PayPal verify identity phishing email]

Detailed Analysis

This message, which appears to come from online payment service PayPal, claims that the recipient’s account access has been limited, supposedly as a safety precaution. According to the email, the recipient can resolve the issue by following a PayPal login link in the message and supplying information that will verify his or her identity.

However, the email is not from PayPal. The claim that the account has been limited is a lie designed to trick the recipient into following the link supplied in the message. In fact, the email is a phishing scam that attempts to trick PayPal users into divulging their account login details and other personal and financial information.

Those who follow the link will be taken to a sophisticated, but entirely fake “PayPal” website that has been carefully designed to mirror the real thing. The casual observer might find it difficult to notice any difference between the fake webpage and the genuine PayPal site. If the victim goes ahead and enters his or her login details on the fake webpage, the following “Confirm your identity” web form will appear. The form asks for the victim’s name, address and contact details as well as his or her credit card information:

[Screenshot: PayPal confirm identity phishing website]

Any information submitted on the fake website – including the user’s PayPal login details – can be collected by the criminals running this phishing expedition. Once they have collected this information from their victim, the criminals can then use it to log in to his or her real PayPal account, steal more personal information and make fraudulent PayPal transactions. They can also use the stolen credit card information to commit credit card fraud.

Although the bogus website looks genuine at first glance, a closer appraisal soon reveals telltale signs that skulduggery is afoot. Firstly, none of the navigation tabs or secondary links on the fake login page actually work. Secondly, the web address is not a genuine PayPal domain name. Thirdly, and most importantly, neither the login facility nor the online form uses a secure (https) web address. No genuine website or online service would ask users to submit sensitive personal or financial information on a non-secure web page.

The scam email itself also employs an oft-used scammer tactic by disguising the link so that it appears to point to a genuine PayPal web address. While the login link in the message displays as “www.paypal.com”, the actual link underneath is, in fact, an entirely different address.

Because it conducts its operations primarily online and via email, PayPal has become an ongoing target for phishing scammers. Be cautious of any message purporting to be from PayPal that asks you to follow a link to supply personal or financial information. Always log in to PayPal by entering the PayPal address into your web browser.

PayPal has published information on its website that helps users identify phishing scams.  
