Another type of PayPal phishing email has been seen making the rounds. The fake notifications are entitled “Your transaction was declined,” and they’re designed to lure recipients to a phishing page.
The emails read something like this:
“Recently, there’s been activity in your account that seems unusual compared to your normal activities. We’re concerned that someone is using your PayPal account without your knowledge.
Recent activity on your account seems to have occurred from a suspicious location or under circumstances that may be different to usual.
What to do ? The best way to resolve this and avoid it happening again is to confirm information you provided when you created your account to make sure that you’re the account holder. You can do that now.
The secure way to confirm your account information:
1. Download the attached Document.
2. Open the document in a browser window secure.
3. Follow the instructions to Confirm that you are the account holder.”
According to Hoax Slayer, the document attached to the emails is actually an HTML file that’s designed to mimic the legitimate PayPal website.
On this page, victims are asked to enter their login credentials, and their personal and financial information, including credit card data. Once all the information is handed over to the attackers, users are redirected to the genuine PayPal website.
These PayPal phishing scams are very dangerous because victims end up giving a lot of valuable information to the cybercrooks. The stolen data can be abused for identity theft and to perform fraudulent transactions with the victim’s credit card.
If you’re a victim of such an attack, change your PayPal password immediately. If you’ve been using the same credentials for other online services, change all your passwords.
It’s also recommended that you contact your bank and have them cancel your credit card to make sure it can’t be misused.