Cleverly designed fake PayPal emails inform recipients that a system error caused some changes to be made to their accounts.
Entitled “We do apologise for this mistake which was caused by erros from our system,” the emails bear the PayPal logo and even a VeriSign Identity Protection emblem to make everything more legitimate-looking.
“Our record shows that you have a refund pending due to late payment charges mistakenly applied to your account by us. We sincerely apologise for this mistake which was caused by errors on our system,” the emails read.
“This transaction cannot be completed until you log on to verify your account information. Please note that it may take up to 3 working days to credit your account with the refund.”
While most of the email is decently written, the spammers who initiated the campaign made a huge error which clearly shows that in reality the notification doesn’t come from PayPal.
They wrote “erros” instead of “errors” in the title. Of course, a genuine email would never come with such a typo.
So what happens in case victims click on the Log On
Hoax Slayer, they’re taken to a fake PayPal website where they’re asked to provide their email addresses and passwords. A second bogus webpage asks victims to enter their ID, contact information and, last but not least, credit card details.
We urge internauts to stay clear of such emails. PayPal would never ask you out of the blue to hand over your credit card details. When responding to such emails, always check the URL of the website to which the links point.
If it’s anything other than a legitimate PayPal domain, the notification is most likely part of a massive data-collection operation launched by cybercriminals.