Back to Fred Mac Donald's Blog

Phishing Scam Verify Your Account Information

Phishing Scam Verify Your Account Information

A new and improved version of the PayPal phishing email.

Just received the latest version of a phishing email supposedly coming from PayPal.

This is a screenshot of the actual email

PayPal Phishing email

Log In button link

If you click the “Log In” button you will end up on the following page

PayPal Scam Login Page

Once again, everything looks legit until you look at the URL. It is NOT a URL used by PayPal

When you enter your PayPal login information, it will be recorded in a remote database and will, no doubt, be used to clear out your account.

What websites are compromised to make this work?

Below is a diagram showing the data flow and compromised websites.

Compromised websites for use in PayPal Phishing Scam

How can I tell if an email is genuinely from PayPal?

The email spam filters used on the servers on Exelwebs will automatically mark this email as spam. However, it is important to not click on any link or interact with the email in any way. Delete it immediately.

You’ll know that an email is not from PayPal when:

  • It begins with a generic greeting like ‘Dear user’ or ‘Hello, PayPal member.’ We'll always begin with your first and last name or the business name on your PayPal account.
  • It asks for financial and other personal information. Our emails will never ask for your bank account number, debit or credit card number etc. We'll never ask for your full name, your account password, or the answers to your PayPal security questions in an email.
  • It asks you to provide the tracking number of a dispatched item before you've received the payment into your PayPal account.
  • It includes a software update to install on your computer.

Here are some security tips to help you stay protected online:

  • Even if a URL contains the word 'PayPal', it may not be a PayPal webpage.
  • When using PayPal, always ensure that the URL address listed at the top of the browser displays as The 's' in ‘https’ means the website is secure.
  • Look for the 'lock' symbol that appears in the address bar. This symbol indicates that the site you're visiting is secure.

If you think you’ve received a phishing email, forward it to (so we can investigate) and then delete the fake email from your mailbox. If you‘ve responded to a fraudulent email and believe your PayPal account may now have been accessed, you should report the unauthorised access immediately.


  • If you provided any personal information in response to a phishing email or on a spoof website, change your Password and Security Questions immediately.
  • If you provided any financial information, contact your bank and your credit card issuer and tell them about the situation.
  • Review your PayPal payment and transfer activity to check that you recognise all recent activity.
Written by:  - 11 May, 2018  
comments powered by Disqus