Malware experts report the revival of Paypal phishing campaign

Paypal is one of today’s most popular online payment platforms: it has 32 million registered users, supports 100 currencies and processes approximately 5 billion payments a year[1]. Given such staggering statistics, it is no surprise that Paypal and its users often become targets of phishing and hacking attacks. In fact, we first started hearing about malicious spam campaigns related to Paypal as early as 2003. Back then, users were sent fake emails warning that their Paypal accounts were supposedly about to expire and urging them to provide credit card information and other credentials in order to extend the expiration date[2]. Today, the scamming practices do not seem to have undergone any drastic changes. Of course, there have been some advancements in the phishing techniques that hackers use to obtain the information they need. This is especially evident in the latest phishing campaign, which surfaced at the beginning of 2017.

Image of the Paypal phishing scam

The criminals behind this new scam are more careful than their predecessors. They send potential victims very well-designed emails that feature the official Paypal logo and a formal tone of writing. The emails explain that the site’s security team has spotted some unusual behavior on the user’s account and that certain limitations have been set to prevent unexpected financial violations. This is a clever and convincing strategy to get potential victims hooked for the subsequent steps of the scam. If it works and the victim clicks the fake “Log in” button at the bottom of the email, things grow more dangerous. The user gets redirected to a Paypal replica site which looks exactly like the original one. The hackers even equip the site with an SSL certificate[3] so that the landing page appears more legitimate and trustworthy. Of course, this fake domain is not related to Paypal in any way and was developed merely to steal login credentials and phish other sensitive information from unsuspecting users. The further into the site you go, the more fill-in forms appear, asking you to provide your home address, date of birth, phone number, social security number and other information that would help the criminals break into your bank accounts and commit other identity theft-related[4] offenses.

To avoid getting caught in such scams, stay away from the spam section of your email[5]. It is unlikely that legitimate emails from Paypal or any other reputable website would end up in this folder. Even if the malicious email slips through into your main Inbox folder, you can still avoid being scammed by closely inspecting the email for grammar and syntax mistakes (scammers usually leave quite a lot of them in their work), or simply by getting in touch with official Paypal service representatives and double-checking all the facts.

About the author
Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.
