"PP Customer Service" - New phishing email on behalf of PayPal

A few days ago, PayPal changed the terms of use and terms and conditions, which is currently used by fraudsters to send phishing emails. A scam email also landed in my mailbox. Like so many before her, it reveals itself through a few details that you can also recognize quickly and easily. In this post, I'll tell you what they are. A general guide to phishing, the common methods and the most common features that make the fraud apparent can be found here: Phishing Mails - Recognize fake messages quickly.

PayPal recently sent an email about the updated terms and conditions - fraudsters are now sending this phishing email around, which is based on it. Do not click on the link and do not reveal your details! Here you can find out how to expose these and similar emails as fraud!

PayPal recently sent an email about the updated terms and conditions - fraudsters are now sending this phishing email around, which is based on it. Do not click on the link and do not reveal your details! Here you can find out how to expose these and similar emails as fraud!

Detect current PayPal phishing emails in just a few steps

Above you can see a screenshot of the email that supposedly came from PayPal. I have marked three important features for you to help identify the message as a fake from fraudsters:

  1. Generic name and wrong email address
  2. Generic subject
  3. Link to Russian website

1. Name and address are wrong

The above view comes from the Apple software "Mail", which is installed by default under macOS and in which e-mails and e-mail accounts can be organized. You can also query the address behind a sender name in Thunderbird, Outlook or on the websites of your mail providers (GMX, WEB, Yahoo, etc.). In Mail, this works by hovering over the name with the mouse cursor or clicking on it, and then clicking the arrow that appears to the right of the name. A menu opens that shows the sender address in the first place and in which the useful item "Block contact" can be found (see picture).

2. Subject is too generic

The subject "New message" is almost a standard feature for phishing emails or other attempts at fraud by electronic mail. Sometimes the scammers try a little harder, but in this case they don't. For comparison: the email actually sent a few days ago by PayPal with the reference to the new terms and conditions, which will come into force on June 16, 2020, had the subject "Pending changes to the terms and conditions of PayPal". That alone is no guarantee of a real email, but it makes it all the more clear that “New Message” is not a subject that the payment service would choose.

3. DO NOT click the link!

Why do I know that the link leads to a Russian website? Because I placed the mouse cursor over it. If the mouse pointer hovers over the "Continue" link of the mail, the URL behind it is displayed. You don't have to click the link to do this - and neither should you. If the mouse pointer hovers over it, the stickstart (dot) ru page is displayed. I did not include it here as a correctly spelled URL or link so that you would not call it up. Who knows what kind of malware is behind it ...

PayPal email on "Directive 2015/2366 (PSD2)"

Whenever a new guideline, a new law or new terms and conditions come into force, fraudsters crawl out of their holes and try to steal data from gullible people. The mails get better and better - errors in the text are less and less common. And if so, then mostly comma errors that are seldom noticed. Often times, pressure is also built up. You should act quickly and enter the data without errors, otherwise the account will be blocked, and so on. A corresponding email made the rounds in January: PayPal e-mail on "Directive 2015/2366 (PSD2)" is phishing! - This message could be exposed as a fake at first glance, but there were still enough clues for a second and third glance. Check it out ;)

-
 

 

Effectively for free: iPhone 13 Mini and iPhone 13 deals with top conditions at Otelo - Advertisement

Leave a Comment

Your e-mail address will not be published. Required fields are marked with * .