
Anatomy of a Fake Phishing Email


We all get phishing emails. It is important to recognise them and avoid being trapped into disclosing personal information, bank account or credit card details to unknown fraudsters, who harvest private information via fake websites, links and emails.

Analyzing a fake Paypal phishing email

Here is a sample email from Paypal from my Gmail spam folder asking me to send our banking account information. Let's see, step by step, how many fake things there are in every line.

[Screenshot: PayPal phishing email]

Subject: PayPal Account® Posible Fraud – Notification
Note that the registered trademark symbol is attached to "Account". "Possible" is misspelled. The "possible fraud" phrase pushes the reader to open the email.

Spam X
Gmail recognizes lots of malicious features suggestive of a phishing email, marks it spam and moves it automatically to the Spam folder. Gmail has powerful antispam features which can easily identify fake Paypal emails.

from service@intl.paypal.com <service@intl.payspal.com>
Note that though the sender appears to be service@intl.paypal.com, if you expand the email headers, the message is actually from service@intl.payspal.com. Note the spelling error: it is payspal.com, with an 's'.

Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information. Learn more
Gmail has not only sent the message to spam, but also marked the email as a phishing attempt. This was caught because the 'From:' field was manipulated to show a false sender name. The "Learn more" link directs the user to more security information about messages asking for personal information.

PayPal Account® Posible Fraud – Notification
Another repetition of the title. Note that "Possible" is again misspelled.

Security check ! You have received this email because your account has been used from different locations by you or someone else. For security purpose, we are required to open an investigation into this matter.
Note the reason given. You yourself could have used the account from different computers, but the wording creates a fear of hacking. They say they are opening an investigation instead of checking their backend and statistics. The aim is to frighten you into sending your details.

In order to safeguard your account, we require that you confirm your banking details.
So now they come to the point – they want your bank account details. Why do they need it?

To help speed up this process, please access the following link so we cancomplete the verification of
your PayPal Account: Alert code: 1366968850

Again “help speed up” is put in to create a sense of urgency. Note spelling errors again as “cancomplete” has no spacing. They have also put in a long random number so that it creates a sense of authenticity for your account.

https://www.paypal.com/cgi-bin/webscr?cmd=_login-submit/?136
Note that the link does not point to what the URL text displays. Clicking it will take you to another, fake website which closely resembles the PayPal website. Once you fill in your bank details there, your financial information is in the hands of fraudsters. Gmail automatically unlinked that link.

Please Note: If we do no receive the appropriate account verification within 48 hours, then we will assume this PayPal Bank account is fraudulent and will be suspended.
Again they create a sense of insecurity and urgency, prompting you to take action and click that link. You fear your PayPal account, with all its money, may be locked out, and so you act.

The purpose of this verification is to ensure that your bank account has not been fraudulently used and to combat the fraud from our community. We appreciate your support and understanding and thank you for your prompt attention to this matter.
Just in case you are still not convinced, they now coax you with a bit of courtesy, which is expected of any business email. It makes you believe that they are indeed the courteous PayPal staff who want to protect your PayPal account.

Regards, PayPal – Paypal Account® Security Department.
Again note another fake brand name “Paypal-Paypal” and again “Account” is registered. The phrase “Security department” now gives more authenticity to a security organization email.

© 2010 PayPal Account & Co.
Another fake brand “Paypal Account & Co.”

Please do not reply to this email as this is only a notification. Mail sent to this address cannot be answered.
Either click the link, or don't bother. They do not want you to reply and cross-check. The reply probably won't work anyway, since the email server configuration will cause the email to bounce back. In any case, the email never reaches PayPal.

PayPal Account® Banking Departament
Another fraudulent brand name. "Account" is registered again. Now it's the "banking department", just in case the earlier "security department" didn't interest you.

I hope you learned some new ways to identify fake PayPal phishing emails and avoid being trapped into revealing your personal and financial information. You can report fake sites and phishing emails to PayPal. Stay safe and keep reading our blog.
