New PayPal Phishing Scam Tricks Users into Downloading Malware

PayPal users have once again been targeted in a phishing scam aimed at tricking the recipient into downloading malware.

The malicious email is made to look like genuine correspondence from the company, with the sender’s address listed as ‘’.

Users are notified of suspected fraudulent activity on their account and are prompted to open an attached Word document to verify their account details.

The document is in fact loaded with a virus and as soon as the user opens the attachment, their PC is infected with malware.

The malware will normally have a password-stealing component that secretly tracks everything typed into the device, including bank account numbers, login details and passwords.

At the current time, the virus appears to infect only Windows computers, with iPhone, Mac, BlackBerry and Android users remaining unaffected.

According to My Online Security, there are multiple variations of the phishing scam in circulation and another version of the scam urges users to click on a link to update and verify their account details.

Image: Fake Word Document (Source: My Online Security)

PayPal has confirmed the email is a fake and has advised customers on what to do if they suspect they’ve received a phishing email: “Phishing is an illegal attempt to “fish” for your private, sensitive data. If you believe you’ve received a phishing email, don’t click any links or download any attachments within the suspicious email and follow these steps right away:

  • Forward the entire email to
  • Do not alter the subject line or forward the message as an attachment
  • Delete the suspicious email from your inbox”

Despite the email appearing to come from an official address, there are a number of red flags that point to a scam. The email begins with: “Greetings, dear Client! please! We noticed a lot of frauds performed by machinations with online services of the accounts of our clients.”

The type of language, grammar, and spelling used in the email should immediately alert the user that it is not legitimate correspondence from PayPal.

PayPal phishing scams continue to prove extremely lucrative due to the high number of people that continually fall for the scams. Cybercriminals will often imitate big brands such as PayPal, Amazon or Apple as there is a greater chance of conning more people.

To protect yourself from falling victim to these types of online scams, never click on suspicious links or download attachments from unknown sources. Other signs to look out for include poor grammar, a mismatched URL, threatening or urgent language, claims of prizes, or a request for information.
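
The warning signs described in this article (an Office attachment, a link whose visible address differs from its real target, urgent wording and a generic greeting) can also be checked mechanically in a mail triage script. The following is an added example, not code from the original article, PayPal or My Online Security; the function names, phrase lists, file name and `.example` hosts are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

OFFICE_EXT = (".doc", ".docx", ".docm", ".rtf")
PHRASES = {"urgent-language": r"\b(urgent|immediately|suspended|verify your account)\b",
           "generic-greeting": r"\bdear (client|customer|user)\b"}

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def red_flags(msg):
    """Return the sorted warning signs found in an EmailMessage."""
    plain = msg.get_body(preferencelist=("plain",))
    html = msg.get_body(preferencelist=("html",))
    text = (msg["Subject"] or "") + " " + (plain.get_content() if plain else "")
    flags = {name for name, rx in PHRASES.items() if re.search(rx, text, re.I)}
    if any((p.get_filename() or "").lower().endswith(OFFICE_EXT) for p in msg.iter_attachments()):
        flags.add("office-attachment")
    if html:
        collector = LinkCollector()
        collector.feed(html.get_content())
        for href, shown in collector.links:
            shown_host = urlparse(shown).hostname  # None unless the text is itself a URL
            if shown_host and shown_host != urlparse(href).hostname:
                flags.add("mismatched-url")
    return sorted(flags)

def build_sample():
    """Constructed message; every host and file name is a placeholder."""
    msg = EmailMessage()
    msg["Subject"] = "Urgent: suspected fraud on your account"
    msg.set_content("Greetings, dear Client! Open the attached document to verify your account.")
    msg.add_alternative('<a href="http://login.verify.example/">https://www.paypal.example/</a>', subtype="html")
    msg.add_attachment(b"constructed placeholder", maintype="application", subtype="msword", filename="details.doc")
    return msg
```

Calling `red_flags(build_sample())` reports all four signs; a hit is a reason to look more closely at a message, not proof that it is malicious.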

MetaPhish provides a powerful defence against phishing and ransomware attacks. Contact us for further information on how we can help protect your business from this growing threat.
