Cyber con artists are posing as members of the PayPal security team investigating suspected fraud on a user's account in yet another phishing scam.
Emails are sent from email@example.com - rather than a PayPal address - informing the recipient it has "detected unusual charges to a credit card linked to your account".
The message alleges that the recipient's PayPal account has been "limited" because a "number of suspicious activities have triggered our security system that shows that an unauthorised user tried to access your PayPal account with malicious intent".
Then follows an instruction to download a dodgy dossier that will no doubt try to steal your personal details - and ultimately your money - from your computer.
The email reads: "We have sent you an attachment containing the necessary steps in order to restore your account to its normal state. Simply download and open it in your web browser."
In an attempt to reassure the recipient that the message is genuinely from PayPal, it follows up with: "Please do understand that this is a security measure intended to protect you and your account. We apologize for any inconvenience."
At the very bottom of the message, the following line appears in smaller text: "Please do not reply to this email. This mailbox is not monitored by our staff. For assistance, you may log in to your PayPal account and click Help in the top right corner of the home page."
This, again, is an attempt by the fraudster to look legitimate. But the very fact that the email contains an attachment - something a real PayPal message would never contain - is the biggest clue to its bogus nature.
And unlike similar scam emails Moneywise has seen previously, the spelling and grammar used in the message are pretty good, so it's not so glaringly obvious that the message is fake.
On the real PayPal website, the real web security team recommends that anyone who receives what they believe to be a suspicious email forwards it to firstname.lastname@example.org.
"Our security experts will be able to look at the email to determine if it is a fake. If it is a fake, then we will get the source of the email shut down as quickly as possible. By reporting these emails you will protect yourself and everyone else too," says the company.
What is 'phishing'?
PayPal explains it as follows: Phishing is an attempt to steal your information. Criminals pretend to be a legitimate business to get you to disclose sensitive personal information, such as credit and debit card numbers, bank information or account passwords.
Note that phishing emails can also lure you to open suspicious attachments or visit websites that can infect your computer with malware.
PayPal's advice for spotting scam emails is to look out for:
- False sense of urgency - many scam emails tell you that your account will be in jeopardy if something critical is not updated right away.
- Fake links - These may look real, but they can lead you astray. Check where a link is going before you click by hovering over the URL in an email, and comparing it to the URL in the browser. If it looks suspicious, don't click.
- Attachments - A real email from PayPal will never include an attachment or software. Attachments can contain malware, so you should never open an attachment unless you are 100% sure it's legitimate.
- If you are not sure whether a PayPal email is legitimate or not, here is what you do: Do not click on any link in the email. Instead, start a browser, go to PayPal and log in. If there is any urgent message for you, you will see it as you log in.
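The warning signs listed above can be checked mechanically, for instance by a mail filter. The following is an added example, not code from Moneywise or PayPal; the function names, the phrase list, the single trusted domain and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "paypal.com"  # assumption: the only sender/link domain treated as genuine
# Constructed phrase list, taken from the scam email quoted in the article.
URGENCY = ("limited", "unusual charges", "restore your account", "right away")

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def check_message(raw):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    sender = parseaddr(str(msg.get("From", "")))[1]
    if not is_trusted(sender.rpartition("@")[2]):
        flags.append("sender-not-paypal")
    if next(msg.iter_attachments(), None) is not None:
        flags.append("has-attachment")  # PayPal says it never sends attachments
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if any(phrase in text.lower() for phrase in URGENCY):
        flags.append("urgency")
    for href in re.findall(r'href=["\']([^"\']+)["\']', text, re.I):
        url = urlparse(href)
        if url.scheme in ("http", "https") and not is_trusted(url.hostname):
            flags.append("link-off-domain")  # real target differs from PayPal
            break
    return flags

def sample_scam():
    """Constructed message modelled on the email the article describes."""
    m = EmailMessage()
    m["From"] = "PayPal Security <security@example.com>"
    m.set_content("Your PayPal account has been limited. Open the attachment.")
    m.add_alternative('<p>Account limited. <a href='
                      '"http://paypal.com.restore.example/">www.paypal.com</a></p>',
                      subtype="html")
    m.add_attachment("<html>form</html>", subtype="html", filename="restore.html")
    return m.as_string()

def sample_clean():  # constructed message with none of the warning signs
    m = EmailMessage()
    m["From"] = "PayPal <service@paypal.com>"
    m.set_content("Your monthly statement is ready. Log in to view it.")
    return m.as_string()
```

An empty result does not prove a message is genuine, because the From header can be forged; PayPal's advice to open a browser and log in directly still applies.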