PayPal users are being urged to be on the lookout for a legitimate-looking phishing email preying on customers.
The warning, issued by MailGuard, comes after the email security provider detected the scam on Sunday evening.
It appears the scam email uses the display name ‘PayPal’ and the message to users says it is a “quick confirmation” that a new email address has been added to their PayPal account.
“The email states that if users did not add this address to their account, there is a link to ‘let us know right away’ to help ensure that their account remains safe,” the MailGuard warning says.
The scam then prompts its unsuspecting victims through a series of steps to extract contact details and confidential billing information.
“The hallmark of this scam lies in not only how well-designed it is, but how it ironically utilises safety features to steal confidential data of users,” MailGuard said.
“It appears the email is sent using a compromised account of the newsletter email service, newsletter.com.au.”
The security provider included screenshots of the scam email it had intercepted, showing the extent to which the phishing email looked unnerving in its legitimacy.
“Several techniques have been employed in this email to look like a genuine notification from PayPal, including the usage of high-quality graphical elements such as the company’s logo and branding,” the security provider explained.
“Another technique is the attempt to evoke urgency; telling the recipient to ‘let us know right away’ creates a sense of anxiety and panic that their account isn’t safe.
“This also motivates the recipient to click on the provided link right away, distracting them from checking the sending address of the email and looking out for any other errors.”
MailGuard also added that it was interesting to note how the body of the scam email ironically focused on securing user’s PayPals accounts in order to give it a “sense of legitimacy”.
Do you have a story tip? Email: firstname.lastname@example.org.