Paypal’s “ID Review Department” is trying to get your personal information again. This time, the scammers have created a very sophisticated pharming site, but the email message is still a classic example of a phishing scam:
Click smaller image for a larger version
The pharming site may look like Paypal, but check the URL:
Click smaller image for a larger version
There are several errors in the email message that indicate it is a phishing scam:
- If you hover over the link, it does not lead to Paypal.
- There are several grammar errors in the message.
- ID Review Department is seen in other Paypal scams.
- The message is not sent from Paypal.
And, just like any legitimate online business, Paypalwill never ask you to change your personal information over an email message. If you have any doubts about your personal information’s privacy, call the company or manually type the URL in the address bar.
According to the “ID Review Department,” there has been an error while processing your PayPal payment:
Click smaller image for a larger version.
It is clearly a phishing scam due to several obvious flaws:
- The message is from poypel.com, not paypal.com.
- There are glaring grammar and spelling mistakes. They spelled “member” wrong!
- The message is asking for your personal information by clicking an external link.
- “ID Review Department” sounds oddly specific and probably does not exist.
Remember, PayPal would never ask for your personal information through an email. If you have any doubts about your account’s security, call them or manually type the URL in the address bar.
PayPal says I paid WHAT!?!
Click to view larger image.
Don’t fall for it. The immediate reaction may be to click one of the links in the email, but avoid this temptation. Clicking could lead to a page, where you unknowingly type in your PayPal password because you think you are logging into PayPal.
Instead, open a new browser window and manually type the PayPal URL [paypal.com] to ensure you access the real site. After logging into your account, check your transaction history. If something is off, contact PayPal using the methods available on the legitimate PayPal web site. DO NOT use the methods in the phishing email, unless the charge was legitimate.
Though this email looks legitimate, let’s look at some of the obvious indicators that it is a phishing scam:
- All of the links in the email are the same. Therefore, no matter where you click you’ll end up right where the scammers want you to be.
- PayPal’s email address in the “From” section is NOT a PayPal email. Typically, email from PayPal use firstname.lastname@example.org or email@example.com [see image #1]
- A PayPal receipt always includes the recipient’s shipping address. However, in this example, the scammers only included the seller’s shipping address. [see image #2]
- A big warning sign should be the product listed as purchased. If you know you didn’t buy it–or spend that much money on anything using PayPal–or don’t even have a PayPal account, be weary of anything inside of that email.
- PayPal will use your name in the email when addressing you (i.e. “Hello Jane Smith”–not your email address).
- The information in the footer of the email is different from the information PayPal uses in the footer of their transaction receipt emails. [see image #3 for the CORRECT footer info.]
#1: Not a typical email address used by PayPal
#2: That is definitely not my address!
#3: This is what a REAL PayPal email footer looks like.
Last week, the LearnIT Express webcast was called “Phishing Blues.” It ran about 12-13 minutes, included annotated examples (and discussion) of some of the scams seen at UD, and some suggestions for what to do if you fall for a phishing scam or submit personal information at a pharming site.
It is available for viewing on demand.
Congratulations, UD colleagues. You’re starting to catch more and more phishing scams without help from IT or your departmental IT professional!
Today we’ve had multiple reports about this fake PayPal notice:
PayPal is NOT going to send a notice like this to a visible mailing list. Do you know how to recognize this scam?
Just like some of the other scams we’ve seen lately, this one looks good at first, but in about 5 seconds you should be able to tell it’s a scam:
- The large payment amount is supposed to send you into a panic so you just click one of the links in the message to investigate.
- The message is sent to multiple email addresses. And you can see those addresses. Some of the phishing scam boiler rooms have been sending out a lot of phishing spam with this trait. PayPal, American Express, Banks, credit card companies, merchants, and other legitimate entities will never reveal customer email addresses to other customers.
- The links in the message do not go to a valid PayPal site. If you see a message like this one, hover your mouse over a link before you click. See where it goes.
You’re always safest to not click links in a message like this one. If you want to check to see if this is a valid notification, it’s much safer to log into your PayPal account using the standard URL you know and trust.
See a message like this one? Just delete it.