Warning over 'legitimate-looking' PayPal email scam

PayPal users are being urged to be on the lookout for a legitimate-looking phishing email preying on customers.

The warning, issued by MailGuard, comes after the email security provider detected the scam on Sunday evening.

It appears the scam email uses the display name ‘PayPal’ and the message to users says it is a “quick confirmation” that a new email address has been added to their PayPal account.

“The email states that if users did not add this address to their account, there is a link to ‘let us know right away’ to help ensure that their account remains safe,” the MailGuard warning says.

MailGuard has intercepted the spoofing scam on Sunday. Source: MailGuard

The scam then prompts its unsuspecting victims through a series of steps to extract contact details and confidential billing information.

“The hallmark of this scam lies in not only how well-designed it is, but how it ironically utilises safety features to steal confidential data of users,” MailGuard said.

“It appears the email is sent using a compromised account of the newsletter email service, newsletter.com.au.”



The scam utilises legitimate-looking notifications and the PayPal logo. Source: MailGuard

The security provider included screenshots of the scam email it had intercepted, showing the extent to which the phishing email looked unnerving in its legitimacy.

“Several techniques have been employed in this email to look like a genuine notification from PayPal, including the usage of high-quality graphical elements such as the company’s logo and branding,” the security provider explained.

“Another technique is the attempt to evoke urgency; telling the recipient to ‘let us know right away’ creates a sense of anxiety and panic that their account isn’t safe.

MailGuard is warning email users to be on the lookout for the scam that disguises itself as PayPal. Source: Getty, file

“This also motivates the recipient to click on the provided link right away, distracting them from checking the sending address of the email and looking out for any other errors.”

MailGuard also added that it was interesting to note how the body of the scam email ironically focused on securing user’s PayPals accounts in order to give it a “sense of legitimacy”.

Do you have a story tip? Email: newsroomau@yahoonews.com.

You can also follow us on Facebook, download the Yahoo News app from iTunes orGoogle Play and stay up to date with the latest news with Yahoo’s daily newsletter. Sign up here.