A new PayPal phishing scam is making the rounds, informing potential victims that their transactions have been declined because of the card issuer.
The email looks like this:
Unfortunately, your recent PayPal transaction was declined because your card issuer did not allow the payment to go through. In order to rectify this problem you have the following options:
The easiest way is to try the transaction again using another credit or debit card already registered with your PayPal account.
If you dont have any other cards registered, you can do so by clicking on Profile and then Add or Remove Card and following the instructions on screen.
Alternatively you can add funds to your PayPal balance directly from your bank account. Simply click on 'Add Funds' in the top navigation bar and follow the instructions on screen.
Please be aware it will take between 7 to 9 working days for the funds to transfer. You will then be able to complete the transaction using your PayPal balance.
If you have successfully completed the transaction already, please accept our apologies for sending you this email.
The trick in this case is that this is a copy of an email PayPal is actually sending to customers when transactions fail because the card issuer would not allow a payment to go through.
However, unlike the legitimate notifications, the links in the fake ones point to all sorts of shady domains.
The cybercriminals behind this campaign are registering free domains with various Internet service providers, mainly from the Netherlands.
On these websites they host webpages that replicate the legitimate PayPal login page in an attempt to trick users into handing over their credentials and, implicitly, access to their funds.
To identify phony PayPal messages, users must hover over the links and make sure they point to paypal.com
, or other legitimate domains. URLs such as “ip.isp-name.com/paypal.com” are clearly malicious and they should be avoided at all cost.