Translate this page to any language by choosing a language in the box below.

Phishing Example: PayPal, PayPal Account Review Department

Phishing Example: PayPal - 'Order Update"

Below is another example of a PayPal phishing / spoofing attempt sent vian email. Here is what PayPal suggests:

• Look for a PayPal Greeting: PayPal will never send an email with the greeting "Dear Customer" or "Dear PayPal Member." Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account.
• Non-PayPal email address: Notice also it came from a gmail, hotmail or other email addres, not from PayPal.com.
• If you believe you have received a fraudulent email, please forward the entire email-including the header information-to spoof@paypal.com. We investigate every spoof reported. Please note that the automatic response you get from us may not address you by name.
• Don't share personal information vian email: We will never ask you to enter your password or financial information in an email or send such information in an email. You should only share information about your account once you have logged in to https://www.paypal.com/.
• Don't download attachments: PayPal will never send you an attachment or software update to install on your computer.
• Notice the the email actually came from akstcactivinfomnsdgs@activinfo.com NOT accounts@paypal.com. This information is found in the message header.
• The link to http://paypal.user-confirmation.com/login.php is not on the Paypal.com domain.

 And if you think you have been victimized, see our What to do, if you think you have been the victim of identity theft page!

---

Example PayPal Scam Email:

From: PayPal_Team [mailto:joymorgoun@gmail.com]
Sent: Thursday, December 23, 2021 11:07 AM
Subject: Order Update

 

Dear Customer,

Thanks for using PayPal.

The Seller has requested the payment through PayPal, and we offered to cover all the risks for you and the seller.

It is our responsibility to inform Buyers about the sellers. You are dealing with a verified PayPal member, protected by our PayPal service and dispute resolution, and you may buy and sell with confidence in all eBay transactions with the seller.

The Following is a notice from PayPal Trust & Safety Department regarding:

Items Title - NCR RealPOS Two-Sided Multifunction Thermal Receipt Printer (7168-1013-9001)

Item Number - 172485145933

Item Price - $239.99 USD

Need Assistance?

We' re Happy to help by phone at 1-888-673-4875

Message headers:

Return-path:
Delivery-date: Sat, 15 Mar 2008 06:41:47 -0700
Received: from [121.189.253.24] (helo=iswhaxy7lvxr992.kornet)
(envelope-from )
id 1JaWdb-0007UW-Gj
Received: from [121.189.253.24] by mx.online.net; Sat, 15 Mar 2008 22:41:26 +0900
Date: Sat, 15 Mar 2008 22:41:26 +0900
From: accounts@paypal.com
X-Mailer: The Bat! (v2.00.7) Personal
Reply-To: akstcactivinfomnsdgs@activinfo.com
X-Priority: 3 (Normal)
Message-ID: <603408080.43022713497518@activinfo.com>
MIME-Version: 1.0
Content-Type: text/html;
charset=iso-8859-2
Content-Transfer-Encoding: 7bit
X-Spam-Status: Yes, score=17.7
X-Spam-Score: 177
X-Spam-Bar: +++++++++++++++++
---- ---------------------- --------------------------------------------------
0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
2.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[121.189.253.24 listed in zen.spamhaus.org]
2.2 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: user-confirmation.com]
2.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URIs: user-confirmation.com]
2.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: user-confirmation.com]
2.1 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
[URIs: user-confirmation.com]
1.3 SUBJECT_NEEDS_ENCODING SUBJECT_NEEDS_ENCODING
0.6 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image
X-Spam-Flag: YES
Subject: PayPal Account Review Department

 

---

 Reporting a Possible Phishing Attack

If you need advice about an Internet or online solicitation, or you want to report a possible scam, use the Online Reporting Form or or call the NFIC hotline at 1-800-876-7060

 

 

---

For More Information About Phishing, See:

• Click Here for a copy of NCL's Phishing Brochure.  Requires Adobe Acrobat Reader.
• How Not to Get Hooked by a 'Phishing' Scam  [PDF version]
  Offers tips on how to avoid falling victim to a new type of spam scam in which consumers are deceived into handing over personal financial information.
• Is Someone "Phishing" for Your Information?  [PDF version]
  Cautions consumers about emails that claim to be from government agencies in an attempt to steal personal information.
• Digital PhishNet Web site.
• Phish Report Network - a cooperative effort by several companies providing an information clearinghouse that will be run by WholeSecurity, a provider of client-side security solutions.
• Internet Crime Prevention & Control Institute, a cooperative effort between Zero Spam Network Corp. and the University of Miami. Staffed by Miami undergraduate and graduate students and Zero Spam employees, works closely with the Secret Service's Electronic Crimes Task Force and ISPs in the United States and abroad to identify and block traffic to machines hosting phishing sites.
  • Report A Crime
  • FTC Fraud Reporting