The Latest Paypal Phishing Attempt

I found the following e-mail in my in-box today:

“Dear PayPal user,
As part of our security reasons, we regularly screen activity in the PayPal system. We recently contacted you after noticing an issue on your account.
We requested information from you for the following reason:
We recently received a report of unauthorized credit card use associated with this account. As a precaution, we have limited access to your PayPal account in order to protect against future unauthorized transactions.
Case ID Number: PP-503-472-569
This is a reminder to restore your account as soon as possible.
Please download the form attached to this email and open it in a web browser. Once opened, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.
In accordance with PayPal’s User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time,
it may result in further limitations or eventual account closure. We encourage you to restore your PayPal account as soon as possible to help avoid this.
We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
Sincerely,
PayPal Account Review Department
—————————————————————-
Copyright © 1999-2011 PayPal. All rights reserved.
PayPal (Europe) S.à r.l. & Cie, S.C.A.
Société en Commandite par Actions
Registered Office: 5th Floor 22-24 Boulevard Royal L-2449, Luxembourg
RCS Luxembourg B 118 349
PayPal Email ID PP3573”

The Form to download mentioned in the fraudulent text is called Restore Your Account.html. Don’t open it under any circumstances. You should never open any attachments in an e-mail coming from an unknown source. This is a principle to stick to; and if you delete one from your friends that you should have opened after all, they’ll send it to you again after checking back with them.

The tell-tale signs that alerted me immediately were the following ones:

The recipient’s e-mail address (i.e. mine) was missing in the header of the message.

The sender addressed me as Dear PayPal user; PayPal always uses first and last names when sending you messages. It states on its homepage: “A typical phishing email will use a generic greeting for everyone, such as ‘Dear User’ or ‘Dear Customer’. All PayPal emails will greet you by your first and last name.”

The e-mail threatens me with closure of my account because of an irregularity with use of my credit card. I don’t use a credit card, as a first; as a second, such a threat is typical for phishing e-mails. As PayPal states again: “Most phishing emails threaten that your account will be in jeopardy if you do not undertake some action immediately. An email that urgently requests you to supply sensitive personal information is usually an attempt at fraud.”

And finally there is the use of an attachment which is a dead give-away. Again PayPal: “Attachments in phishing emails are dangerous. Never click on an attachment in a suspicious or unusual email: it may download spyware or a virus on your computer. PayPal (and most reputable companies) will never email you an attachment or a software update to install on your computer.”

This all comes down to the usual conclusion: Keep your eyes open and don’t let yourself be phished. Ever. This will keep you from becomes one of the many victims of fraud. You know it all? I think it bears repeating.

Related articles
Gumtree.com Users Hit by Fraudsters
Typical Internet Fraud by E-mail
Free Apps Feed Big Brother Risking Your Privacy by Surfing in Public