New PayPal Phishing Scam Tricks Users into Downloading Malware

August 9, 2018 4:40 pm Geraldine Strawbridge

PayPal users have once again been targeted in a phishing scam aimed at tricking the recipient into downloading malware.

The malicious email appears to look like genuine correspondence from the company with the sender’s address listed as ‘service@PayPal.com’.

Users are notified of suspected fraudulent activity on their account and are prompted to open an attached Word document to verify their account details.

The document is in fact loaded with a virus and as soon as the user opens the attachment, their PC is infected with malware.

The malicious malware will normally have a password stealing component with the aim of secretly tracking everything that has been typed into the device, including bank account numbers, login details and passwords.

At the current time, the virus appears to only infect Window computers, with IPhone, Mac, Blackberry and Android users remaining unaffected.

According to My Online Security, there are multiple variations of the phishing scam in circulation and another version of the scam urges users to click on a link to update and verify their account details.

Image: Fake Word Document

Fake Word Document

Source: My Online Security

PayPal has confirmed the email is a fake and has advised customers on what to do if they suspect they’ve received a phishing email: “Phishing is an illegal attempt to “fish” for your private, sensitive data. If you believe you’ve received a phishing email, don’t click any links or download any attachments within the suspicious email and follow these steps right away:

Forward the entire email to spoof@paypal.com
Do not alter the subject line or forward the message as an attachment
Delete the suspicious email from your inbox
Despite the email appearing to come from an official address, there are a number of red flags that point to a scam. The email begins with:”Greetings, dear Client! please! We noticed a lot of frauds performed by machinations with online services of the accounts of our clients.”

The type of language, grammar, and spelling used in the email should immediately alert the user that it is not legitimate correspondence from PayPal.

PayPal phishing scams continue to prove extremely lucrative due to the high number of people that continually fall for the scams. Cybercriminals will often imitate big brands such as PayPal, Amazon or Apple as there is a greater chance of conning more people.

To protect yourself from falling victim to these types of online scams, never click on suspicious links or download attachments from unknown sources. Other signs to look out for include; poor grammar, a mismatched URL, threatening or urgent language, claims of prizes or a request for information.

Read also:
Top 5 Phishing Scams

Scam of the Week – New WannaCry Phishing Scam hits the UK

What to do if you click on a Phishing Link

MetaPhish provides a powerful defence against phishing and ransomware attacks. Contact us for further information on how we can help protect your business from this growing threat.