Users can verify the return path of the message to check validity

Nov 30, 2013 09:50 GMT  ·  By

Emails claiming to be issued by PayPal online payment service and asking for account login details along with other personal information in order to grant access to “sensitive account features” are currently in circulation.

The message is sent from a spoofed PayPal service address and asks for “verification” of the recipient’s account details in a manner that the real payment service would never do.

With security concerns being invoked, the user is asked to log into the PayPal account by accessing a page in the email that actually redirects to a PayPal phishing site.

“We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited.” – reads the message.

The reason behind this request is the suspicion of unauthorized access to your account by third party on a given date. The date is quite important in this case because if there was not legitimate access at that time, the owner of the account is more motivated to click the bogus links.

Moreover, the cyber criminals have put up another fake page that collects additional information about the user – such as identity and credit card information – claiming that they’re necessary to lift the account restrictions.

Having all these details, they can easily impersonate your identity and commit credit card fraud.

A keen eye can easily identify the fake message by the generic greeting used to address the customer (“Dear valued PayPal member”) instead of their name, as well as grammar mistakes.

To ensure that you don’t fall victim to such schemes, simply log into the PayPal account by typing the URL address yourself and do not click the links in the message.

You can also check the return path in the source of the message, which can be done from the email client and even web mail services from Google, Yahoo and Microsoft.