There are affiliate links on this page.
Read our disclosure policy to learn more.

Phishing Example: PayPal, PayPal Account Review Department

Phishing Example: PayPal - 'Order Update"

Below is another example of a PayPal phishing / spoofing attempt sent vian email. Here is what PayPal suggests:

  • Look for a PayPal Greeting: PayPal will never send an email with the greeting "Dear Customer" or "Dear PayPal Member." Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account.
  • Non-PayPal email address: Notice also it came from a gmail, hotmail or other email addres, not from PayPal.com.
  • If you believe you have received a fraudulent email, please forward the entire email-including the header information-to spoof@paypal.com. We investigate every spoof reported. Please note that the automatic response you get from us may not address you by name.
  • Don't share personal information vian email: We will never ask you to enter your password or financial information in an email or send such information in an email. You should only share information about your account once you have logged in to https://www.paypal.com/.
  • Don't download attachments: PayPal will never send you an attachment or software update to install on your computer.
  • Notice the the email actually came from akstcactivinfomnsdgs@activinfo.com NOT accounts@paypal.com. This information is found in the message header.
  • The link to http://paypal.user-confirmation.com/login.php is not on the Paypal.com domain.

 And if you think you have been victimized, see our What to do, if you think you have been the victim of identity theft page!


Example PayPal Scam Email:

From: PayPal_Team [mailto:joymorgoun@gmail.com]
Sent: Thursday, December 23, 2021 11:07 AM
Subject: Order Update

 

Dear Customer,

Thanks for using PayPal.

The Seller has requested the payment through PayPal, and we offered to cover all the risks for you and the seller.

It is our responsibility to inform Buyers about the sellers. You are dealing with a verified PayPal member, protected by our PayPal service and dispute resolution, and you may buy and sell with confidence in all eBay transactions with the seller.

The Following is a notice from PayPal Trust & Safety Department regarding:

Items Title - NCR RealPOS Two-Sided Multifunction Thermal Receipt Printer (7168-1013-9001)

Item Number - 172485145933

Item Price - $239.99 USD

Need Assistance?

We' re Happy to help by phone at 1-888-673-4875

Message headers:

Return-path:
Delivery-date: Sat, 15 Mar 2008 06:41:47 -0700
Received: from [121.189.253.24] (helo=iswhaxy7lvxr992.kornet)
(envelope-from )
id 1JaWdb-0007UW-Gj
Received: from [121.189.253.24] by mx.online.net; Sat, 15 Mar 2008 22:41:26 +0900
Date: Sat, 15 Mar 2008 22:41:26 +0900
From: accounts@paypal.com
X-Mailer: The Bat! (v2.00.7) Personal
Reply-To: akstcactivinfomnsdgs@activinfo.com
X-Priority: 3 (Normal)
Message-ID: <603408080.43022713497518@activinfo.com>
MIME-Version: 1.0
Content-Type: text/html;
charset=iso-8859-2
Content-Transfer-Encoding: 7bit
X-Spam-Status: Yes, score=17.7
X-Spam-Score: 177
X-Spam-Bar: +++++++++++++++++
---- ---------------------- --------------------------------------------------
0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
2.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[121.189.253.24 listed in zen.spamhaus.org]
2.2 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: user-confirmation.com]
2.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URIs: user-confirmation.com]
2.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: user-confirmation.com]
2.1 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
[URIs: user-confirmation.com]
1.3 SUBJECT_NEEDS_ENCODING SUBJECT_NEEDS_ENCODING
0.6 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image
X-Spam-Flag: YES
Subject: PayPal Account Review Department

 


 Reporting a Possible Phishing Attack

If you need advice about an Internet or online solicitation, or you want to report a possible scam, use the Online Reporting Form or or call the NFIC hotline at 1-800-876-7060

 

 


For More Information About Phishing, See: