Email purporting to be from PayPal claims that your account has been limited because some information in the account is missing or incorrect.
The email is not from PayPal and your account has not been limited as claimed. It is a phishing scam designed to steal your PayPal login credentials, your credit card details, and your email account password.
Subject: Your account has been limitedPayPal Secure
Temporary Information Confirmed Thanks for use PayPal! We sent you an email sometime ago asking for your help to resolve an issue with your PayPal account. Since we haven’t heard back from you and we need you to provide some informations, your account is temporarily limited :
– Some informations on your account appears to be missing or incorrect. Please update your account promptly so that you can continue using all the benefits of your PayPal account.
1- Download the attached document and open it in a secure browser.
2- Follow the verification process and give us your correct information. Our new verification measures have been put in place in March 2016 to protect our customers.
According to this email, which claims to be from PayPal, ‘your account is temporarily limited’. Supposedly, the limitation was put in place because ‘some informations on your account appears to be missing or incorrect’. The email claims that PayPal emailed you previously to ask for your help to resolve the issue but they never heard back from you. It instructs you to open an attached file in a secure browser and follow the verification process to supply your correct information.
However, the email is not from PayPal. It is just one more scam email in a continuing stream of similar phishing messages that claim – falsely – that you must take some action to prevent your account being limited, suspended, or closed.
If you open the attachment as instructed, a webpage containing a PayPal login box will open in your default browser. After you ‘login’ on the fake webpage, you will be taken to a second page that contains the following form. The form, titled ‘Safety Measures’, asks for your email address and email password, your name and contact details, and your credit card information:
After you fill in the form and hit the ‘Agree and Continue’ button, you will be redirected to a ‘404 Page Not Found’ error.
Meanwhile, the criminals who sent the email can collect all of the information you supplied and use it to hijack your PayPal account as well as use your credit card to conduct fraudulent transactions. And, because you supplied your email account details as well, they can also take over your email account and use it to send spam and scam emails in your name.
In this version of the scam, the criminals have included the fake form as an attachment as a means of thwarting browser phishing filters. Other versions may ask you to click a link rather than open an attachment.
PayPal scam messages like this one are very common. Be cautious of any email purporting to be from PayPal that claims that you must click a link or open an attachment to deal with a supposed account problem. And remember that genuine PayPal emails will always address you by name. They will never use generic greeting such as ‘Dear Client’ or ‘Dear Customer’.
It is always safest to login to your online accounts by entering the account address into your browser’s address bar or via an official app.
You can report PayPal phishing scam via the reporting details on the PayPal website.
Last updated: April 1, 2016
First published: April 1, 2016
By Brett M. Christensen