Anatomy of a PayPal scam

Today, I am going to illustrate a typical phishing scam targeting PayPal, the famous online money transfer company.

It all starts with a well crafted email supposedly from the company. The topic: account maintenance. Here we see a very common trick used by scammers: pretend to improve security measures.
Of course, in order to do so the user must provide all his login information.

 1. The Phish email:

Note the threatening “we would have to limit it [your account]“, and also the spelling mistake in the Subject:”Account Maintainance”
Many scams have grammar or spelling errors, mainly because the scammers are from foreign countries.

2. The fake site:

Visit the real site http://www.paypal.com and check for yourself how similar they look.

3. The credentials entry:

It’s always good not to use a real identity

4. The scammers greediness: more, more and more

With this information, a scammer owns your life. Pretty scary. 

5. The profit:

 Some guy with an IP in Thailand is very happy. 

We have reported this scam to the appropriate authorities. It’s not going to stop the bad guys behind it, just put a little dent in their profits.
However, we as responsible and careful end users can make a better impact. If you ever feel uncomfortable revealing some information, take the time to stop and consult with a friend or someone you trust.
I fell for some advertising things before, simply because the person bombards you with information and wants an answer now. What works here is making you confused and not letting you any time to think.
Remember that there is no rush, and the email can wait until the next day.

Jerome