14 DAY TRIAL // Security researchers from Avira have spotted an email PayPal phishing attack currently hitting people's inboxes which has both an English and a French version.
"We don’t see a phishing attack executed simultaneously in two languages every day," says Sorin Mustaca, data security expert at Avira.
Mr. Mustaca points out that the two emails are almost identical, except for the language, even down to the Reference Number mentioned in the text.
The only other difference is that the English version advertises a link to the phishing page, while the French variant has a button.
The lure is a common one and tries to scare users into believing their accounts have been limited due to unusual credit card activity.
"As part of our security measures, we regularly screen activity in the PayPal system. We recently contacted you after noticing an issue on your account. We requested information from you for the following reason:
"Our system detected unusual charges to a credit card linked to your PayPal account. Reference number: PP-259-187-991.
"This is the Last reminder to log in to PayPal as soon as possible. Once you log in, you will be provided with steps to restore your account access," part of the message reads.
Ironically, to increase the credibility of the email, the phishers even included legit anti-phishing advices for users.
Another noteworthy aspect of this attack is that the message is very well formulated compared to the majority of phishing scams.
PayPal users should always be on the lookout for fraudulent emails such as this one, because the online payment service is, by far, the most phished brand on the Internet.
According to statistics from OpenDNS' PhishTank system, PayPal accounted for 45.9% of all phishing attacks validated in 2010. That's nine times more than the next most popular target, Facebook.