Scam of the day – August 15, 2015 – Paypal email phishing scam

Today’s Scam of the day comes directly from my own email and I am sure it has turned up in yours as well.  PayPal is a popular payment service used by many people particularly with eBay.  Therefore it can seem plausible when you receive an email that purports to come from PayPal asking you to update your credit card information.  However, anyone responding to the email copied below would either end up providing credit card information to an identity thief or merely by clicking on the link could download keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  DO NOT CLICK ON THE LINK.

“Account User,

The credit card in your account has expired; you are required to update your payment method to keep your account active.

Rectify payment method today by following the link below:

https://www.paypal.com/ca/cgi-bin/webscr?cmd=_add%id3752891

You can always add a new card

Sincerely,
PayPal”

This particular phishing email is not particularly sophisticated.  It comes from an email address of a private person rather than that of PayPal.  The address used, most likely is that of someone whose email account and computer was hacked in order for the identity thief to send out these phishing emails in mass quantities. It is not addressed to me personally, no logo of the company appears anywhere in the email and the language of “rectify payment” is somewhat inappropriate.  It is a pretty amateurish attempt.

TIPS

The primary question we all face when we receive such an email asking for credit card information or other personal information that may appear to be legitimate is how do we know whether to trust it or not.  The answer is, as I always say, trust me, you can’t trust anyone.  Regardless of how legitimate such email appear, you should not provide any personal information until you have independently verified by phone call or email to an email address that you know is accurate that the request for personal information is legitimate.