PayPal is a popular payment service used successfully by many people particularly when making purchases through eBay. However, because it is so popular with the public, it is also popular with scammers who will fashion PayPal related phishing emails that appear to come from PayPal.  These phishing emails attempt to either lure you into clicking on links that will result in malware being downloaded on to your computer or phone or lure you into providing personal information that can be used to make you a victim of identity theft. I have described many of these phishing emails as they have been uncovered in the last few years and the PayPal phishing email about which I am writing today comes from my own email. As is so often the case with phishing emails, it attempts to lure you into responding by clicking on links or providing personal information in response to a purported emergency.  In this case, it tells me that I must update my information in order to continue to use my PayPal account.  The graphics are good and the grammar is not faulty, but neither of those things indicate that the email is legitimate.  Most telling is the fact that the email comes from an address that has nothing to do with PayPal, but is most likely a part of a botnet used to send out spam and phishing emails.  In addition, the email is directed to me as “Dear Customer” rather than referring to my name.  It also does not include my account number.

Here is  copy of the email I received.

PayPal

Dear Customer

To get back into your PayPal account, you’ll need to update your account information.

It’s easy:

  1. Click the link below to open a secure browser window.
  2. Confirm that you’re the owner of the account, and then follow the instructions.
  3. confirm  all information
  4. access your account as normal
Resolve

Copyright © 1999 – 2018 PayPal. All rights reserved.

TIPS
The primary question we all face when we receive such an email asking for personal information or urging us to click on a link is how do we know whether to trust the email or not. The answer is, as I always say, trust me, you can’t trust anyone. Regardless of how legitimate such emails appear, you should not provide any personal information or click on any links until you have independently verified that the request for personal information or instructing you to click on a link is legitimate. In the case of PayPal, if you have a question about your account, you can contact PayPal online at https://www.paypal.com/re/selfhelp/home
If you do receive a PayPal phishing email, you should forward it to PayPal at spoof@paypal.com

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of www.scamicide.com and click on the tab that states “Sign up for this blog.”