Message purporting to be from PayPal claims that a transaction was declined because recent activity on the recipient’s account seemed unusual. The email instructs users to process a form in an attached file to confirm account information.
The email is not from PayPal. It is a quite sophisticated phishing scam attempt designed to steal PayPal login details and other financial information from recipients.
Subject: Your transaction was declined
Recently, there’s been activity in your account that seems unusual compared to your normal activities. We’re concerned that someone is using your PayPal account without your knowledge.
Recent activity on your account seems to have occurred from a suspicious location or under circumstances that may be different to usual.
What to do ? The best way to resolve this and avoid it happening again is to confirm information you provided when you created your account to make sure that you’re the account holder . You can do that now.
The secure way to confirm your account information:
1. Download the attached Document.
2. Open the document in a browser window secure.
3. Follow the instructions to Confirm that you are the account holder.
Yours sincerely, PayPal
According to this email, which purports to be from PayPal, a recent transaction has been declined and recipients must confirm their account details for security reasons. The message claims that activity on the targeted account has been deemed unusual compared to the recipient’s normal activity.
The email comes complete with the PayPal logo and is professionally formatted so that it gives the illusion of being a genuine PayPal message. The email explains that, in order to resolve the declined transactions issue, recipients must open an attached file and fill in a form that confirms the information that they provided when they originally created the account.
However, despite its legitimate appearance, the message is not from PayPal. Instead, it is a quite sophisticated phishing scam designed to steal PayPal login details as well as other personal and financial information.
People who do open the attached file as instructed are presented with a seemingly typical PayPal login window that loads in their browser. The login page very closely emulates a genuine PayPal webpage. After users enter their login details, they will be taken to a second page that asks for personal and contact data.
After completing the form, they will be taken to a third page that asks them to provide bank account details and credit card numbers.
Users will then be taken to a confirmation page that claims that they have successfully restored access to their accounts. Finally, they will be redirected to the genuine PayPal website.
The fake forms even do basic error checking to ensure that victims have input the correct types of data. All of the information provided on the bogus forms can be collected by criminals and used to hijack genuine PayPal accounts, commit bank and credit card fraud and steal the identities of victims.
By its very nature, PayPal conducts almost all its business and customer communications via email and the Internet. This has made it a favourite prey for phishing expeditions. In fact, scammers almost continually target PayPal.
Some such phishing emails are quite crude and can be easily recognized as fraudulent via very poor spelling and grammar and unprofessional presentation.
Some, such as this example, are considerably more sophisticated and therefore more dangerous. Even more computer-literate users might fall for such scams, especially if they are busy or tired.
If you receive a PayPal phishing scam, you can submit it to the company for analysis via the email address listed on PayPal’s website. Remember that PayPal emails will ALWAYS address you by your first and last names. They will never use generic greetings such as ‘Dear customer’.
Importance NoticeAfter considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.
These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.
Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.
And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.
When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.
I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.
A Big Thank YouI would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.
I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.
Closing DateHoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.
Thank you, one and all!