New wave of PayPal phishing emails

A new wave of phishing emails claiming to be from PayPal is being reported this week. The messages we received at Lavasoft look like this:

[Image 1: screenshot of the phishing email]

This particular phishing email originates from service@paypal.co.au, or is coded to appear that way. As is typical of phishing emails, the above message contains spelling and grammar errors, including “expire,” “It is indispensable to perform an audit of your data is present,” and “We requests…” As in many phishing emails, the message also tries to pressure the user by setting a time limit (48 hours) to complete the task and threatening that the user’s “Account will be destroyed.” Also note the fake copyright notice at the bottom of the email message, attributed to PayPa1.

While this phishing email asked us to verify our account information, other users on Twitter are reporting emails which claim that their account information has been compromised. Twitter user and BBC journalist @jessbrammar reported receiving this phishing email:

[Image 2: screenshot of the phishing email reported by @jessbrammar]

Other users reported phishing emails that look like this:

[Image 3: screenshot of another reported phishing email]

Phishing is a method used by cyber criminals to acquire a user’s information, including usernames, passwords, and credit card numbers. A typical phishing attack arrives by email or instant message and appears to originate from a legitimate company or one of your trusted contacts. These messages typically contain links that also appear to be legitimate URLs, but they direct users to websites that infect them with malware or attempt to steal their information. Notice that one of the emails listed above asks the user to “Download the attached Document,” which is likely to contain a computer virus. When a website used in a phishing campaign attempts to steal a user’s information, it typically disguises itself as a legitimate website that looks identical to the original and asks you to enter your user information. PayPal has experienced phishing attacks using its brand name in the past and has set up a section on its website to help keep its customers safe.
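The warning signs called out in this post (a look-alike brand name such as PayPa1, a deadline and threat, an attachment lure, and a link whose visible text names one site while it points to another) can be checked mechanically. The following is an added example, not code from Lavasoft or PayPal; the digit-for-letter swaps, the regular expressions, the function names and the `example.test` link are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
BRAND = "paypal"                             # brand impersonated in the emails above
DIGIT_SWAPS = str.maketrans("0135", "oles")  # assumed look-alike swaps (1 for l, 0 for o, ...)
URGENCY = re.compile(r"\b\d+\s*hours?\b|will be destroyed|expire", re.I)
ATTACHMENT = re.compile(r"download the attached", re.I)
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) pairs and body text
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

def phishing_indicators(html_body):
    """Return the sorted names of the indicators found in an HTML email body."""
    p = LinkCollector()
    p.feed(html_body)
    text, found = " ".join(p.text), set()
    for word in re.findall(r"[A-Za-z0-9]+", text):
        low = word.lower()
        # "PayPa1" is not the brand, but becomes it once digits are mapped to letters
        if low != BRAND and low.translate(DIGIT_SWAPS) == BRAND:
            found.add("lookalike_brand")
    for name, rx in (("urgency", URGENCY), ("attachment_lure", ATTACHMENT)):
        if rx.search(text):
            found.add(name)
    for href, label in p.links:
        shown = DOMAIN.search(label)          # domain the reader sees in the link text
        host = (urlparse(href).hostname or "").lower()  # domain the link really opens
        if shown and host:
            want = shown.group().lower()
            if host != want and not host.endswith("." + want):
                found.add("link_mismatch")
    return sorted(found)

SAMPLE = (  # constructed sample built from phrases quoted in this post
    '<p>Complete this within 48 hours or your Account will be destroyed.</p>'
    '<p><a href="http://login.example.test/verify">www.paypal.com</a></p><p>Copyright PayPa1</p>')
```

These are heuristics for triage: a message that trips none of them is not thereby proven safe, and legitimate mail can mention expiry dates.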