Thursday, June 1, 2017

PayPal ‘Credit Card Removed’ Phishing Scam

written by Brett M. Christensen May 31, 2017

This story was first published on December 19, 2011

Outline:
Email purporting to be from PayPal claims that your credit card has been removed from your PayPal account and that you should follow a link to rectify the issue.

Brief Analysis:
The email is not from PayPal and your credit card has not been removed from the account as claimed. The message is a phishing scam designed to steal your PayPal account information and credit card details.

Example:
Hello [Email Address],
On May 29, 2017, you removed a card from your PayPal account.Any payments you authorized on this card before May 29, 2017 will be completed; however, no new payments will be processed on this card.Didn’t make this update?If you didn’t remove this card, Login here to your PayPal account and review your information as soon as possible. If you notice any unusual activity, please contact us immediately by clicking the Help Center link at the bottom of this email.

Example:
Subject: Your credit card information has been changed!Your credit card information has been changed.On December 13, 2011, your credit card has been removed from your PayPal account.You are receiving this email notification because this email address is listed as the administrative contact email for your PayPal account. If you belive this is an error, click the link below, log in to your PayPal account and follow the instructions.

[Link removed]

Please do not reply to this email. This mailbox is not monitored and you will not receive a response.

Sincerely,
PayPal

—————————————————————-

PayPal Email ID PP8116

Detailed Analysis:
According to this email, which purports to be from online payment service PayPal and sports a seemingly legitimate PayPal logo, your credit card has been removed from your PayPal account. The email claims that if you believe that the credit card removal is an error, you can click a link in the message and follow instructions to rectify the problem.

However, the email is not from PayPal. The claim that credit card details have been removed from the account is a lie designed to fool users into divulging information to cyber criminals.

People who fall for the ruse and follow the link will be taken to a fake “PayPal” website that has been carefully designed to mirror the genuine PayPal website. The casual observer might find it difficult to notice any difference between the fake web page and the real PayPal site. If the victim goes ahead and enters his or her login details on the fake web page, a second form will be displayed. The form asks for the victim’s name, address, contact details, and driver’s licence details as well as his or her credit card information:

All information submitted on the bogus website – including the user’s PayPal login details – can be collected by the criminals operating this scam campaign. Once they have collected this information from their victim, the criminals can then use it to hijack his or her real PayPal account, steal more personal information and make fraudulent PayPal transactions. They can also use the stolen personal and credit card information to commit credit card fraud and identity theft.

Because it conducts its operations primarily online and via email, PayPal has become a regular and ongoing target for phishing scammers. Be cautious of any message purporting to be from PayPal that asks you to follow a link to supply personal or financial information. Always login to PayPal by entering the PayPal address into your web browser. PayPal has published information on its website that helps users identify phishing scams.