The inbox message pretends to come from “email@example.com” with the subject “PayPal account warning” and a Microsoft Word doc attachment that covertly plants the malicious software (malware) on your desktop.
But it’s actually from “firstname.lastname@example.org”, which is a “look-a-like”, typo-riddled website domain designed to trick and confuse victims, according to My Online Security.
“Greetings, dear Client! We noticed a lot of frauds performed by machinations with online services of the accounts of our clients,” reads the fraudulent email.
“Attackers obtain access to accounts by stealing login data and passwords,” it states, adding “this may be very dangerous for your funds and our reputation, so we are asking you to perform some actions, in order to prevent fraud.”.
It continues “To protect your funds, verify please your account data. It will let us approve your post address and personal data. Also we strongly recommend to keep passwords and login data, in the safe place.
How to identify real PayPal emails
According to the company, an email from PayPal will:
- Come from paypal.com. Scammers can easily fake the “friendly name,” but it’s more difficult to fake the full name.
- A sender like “PayPal Service (zxk1942R3@gmail.com)” is not a message from PayPal. But sophisticated scammers can sometimes fake the full name, so look for other clues.
- Address you by your first and last names, or your business name.
An email from PayPal won’t:
- Ask you for sensitive information like your password, bank account, or credit card.
- Contain any attachments or ask you to download or install any software.
“To make your account information verified, please fill and send the next form via e-mail or via post.”
The message signs off with the following warning, alerting you to take immediate action: “if you will not react on this notification, we will be forced to temporarily block your online services until you won’t verify your account information”.
Needless to say, you should treat this message – or any message that comes with external website links and attachments, for that matter – with the utmost suspicion.
If you do get an email warning you about fraudulent activity, like this scam message, just head straight to the source by manually entering the site’s address and following the company’s help and support guides.
Luckily, Microsoft Word versions from 2010 onward automatically open emails downloaded from the web or email in “protected view” that stops any malware from rampaging through your PC.
But the cyber-criminals behind this scam go one step further by encouraging victims to enable macros or enable editing on the Word doc to let you view the content.
Do not follow their advice.