PayPal Phishing Scam Strikes Mailboxes

A forceful online campaign is wildly spamming e-mails making fake claims of a security alert that apparently PayPal issued, thus published Nakedsecurity in news on February 23, 2011.

Actually, since more than 200m people use PayPal, online scammers are exploiting the situation for stealing money via treating the website as their main target. A particular method they are using is that of executing phishing attacks for the account information of PayPal users.

Consequently, the users are getting a phishing e-mail captioned "Please confirm your identity" as also an attachment included. But opening this attachment produces an HTML file, which imitates PayPal's web-page named "My Account" directing the user that he must feed personal information, including his credit card details so he may no longer be restricted from accessing his PayPal account.

Astonishingly, the purpose of this assault is for getting the user to divulge his name, birth date, address and credit card information.

Lately, an individual, aged 22 and belonging to Sherwood Nottingham (UK) was charged with having infiltrated 303 PayPal and eBay accounts as well as with siphoning more than $180,000 from authentic accountholders. The invader, it's alleged, cracked many eBay account passwords from where he gained admission into the PayPal accounts of the victims. Subsequently, he wiped these accounts off their balances and moved the money into his own account that he eventually used to make purchases.

Now according to the security researchers, any recipient at the very outset should feel doubtful of the e-mail as the sender's address reveals no indication that the related account is of PayPal's e-mail. However, users overall are being reminded that they shouldn't ever download attachments or click web-links coming via unsolicited e-mails rather they should visit the site directly via manual entry of the URL into the browser's address bar as also verify everything the e-mail claims from there.

Still, if the doubt persists then the user should visit the actual PayPal site followed with the usual logging in exercise and incase there really is a security alert from PayPal, then he can find it through the messaging mechanism of the website itself.

Related article: Paypal – Web Hosting Services Need To Work Hard To Tackle Phishing

» SPAMfighter News - 3/4/2011