You are here

PayPal Email Address Change Phishing Scam

28th November 2011

PayPal account holders are being warned about a new phishing email scam that claims to be notifying them that their email address has been changed.

The email tells the PayPal customer that they have recently changed their email address on the PayPal system. The scam’s intention is to make the recipient think an unauthorised person has changed their email address.

The email advises recipients to fill out an attached form if they believe an unauthorised person has changed their email address. Victims who fill out this form will have handed their personal information over to computer criminals, who can use it to go on to commit fraud.

Protect yourself from phishing emails

  • Be aware and pro-active: When responding to emails or phone calls, never give your login or personal details. If you receive an email from a company that claims to be legitimate but is requesting these details, or a contact number tell them you will call them back. Use a contact number for the organisation that you have sourced reputably. Speak to them directly to confirm that the message is genuine.
  • Use your spam filter: If you detect a phishing email, mark the message as spam and delete it. This ensures that the message cannot reach your inbox in future. 
  • Know your source: Never respond to a message from an unknown source. Take care not to click any embedded     links. Phishing emails are sent to a vast number of randomly generated addresses. However, clicking embedded links can provide verification of your active e-mail address. Once this occurs it may facilitate the targeting of further malicious emails. Even “unsubcsribe” links can be malicious. Ensure that the e-mail is from a trusted source and you are, in fact, subscribed to the service.
  • Remember that the email address that appears in the ‘from’ field of an email is not a guarantee that the email came from the person or organisation that it claims to have originated from.
  • Fraudsters are unlikely to know your real name, so the email may address you in vague terms, for example ‘Dear Valued Customer'.
  • Phishing emails will probably contain odd ‘spe11ings’ or ‘cApitALs in the ‘subject’ box and contain spelling or grammatical errors in the email – this is an attempt to get around spam filters and into your inbox.

Read more about the PayPal phishing scam on Sophos’ website.

Please note that Action Fraud is not responsible for the content of external websites.

To report a fraud, call Action Fraud on 0300 123 2040 or use our online reporting tool.

Related links:
Phishing
Malware
Fake PayPal emails target Christmas shoppers