Since PayPal is a subsidiary of eBay, it’s a rather suspicious coincidence that PayPal members have been the target of phishing attempts.
Over the past few months, since March to be more exact, users have been receiving emails with the subject “View your recent activity” that come from [email protected] and look perfectly legitimate.
PayPal has admitted that these emails are indeed not from the company. “Thanks for forwarding that suspicious-looking email. You’re right – it was a phishing attempt, and we’re working on stopping the fraud. By reporting the problem, you’ve made a difference!” reads a reply received by Softpedia editors after reporting the problem.
The company points out that identity thieves try to trick you into revealing passwords and other personal information, which means they differ from messages sent by the company.
“Thanks for being a loyal customer this month! Below you will find recent news about your account. Check your recent transaction activity by logging in now,” reads the first version.
“We noticed that you have not shopped with us yet! Next time you shop, speed through checkout with PayPal. To make a purchase, just enter your email and password. There is no need to retype your financial information since it is safely stored in your PayPal account. Login now and make sure your account is up to date,” reads the second version.
Hackers even go as far as to include information about why these emails are not fake – they address you by first and last names or the business name, and they won’t ask for sensitive information, such as bank account, credit card details, or password.
The attack on eBay announced yesterday had actually taken place between the end of February and beginning of March, right around the time that PayPal users started receiving the spammy mails. The company chose to stay quiet about it, as it investigated the problem, effectively leaving users vulnerable.
If you notice such an email in your inbox, it’s best if you forward it to [email protected], where PayPal handles suspicious emails. It could also help to flag [email protected] as spam so your email account spots it and sends it right to the spam folder, so you don’t accidentally go through with the instructions in the email.