PayPal Phishing — Using Real Accounts

PayPal is a favorite target for phishing scams. Some cyberthieves try to get at your account; others hope to get your money into theirs. PayPal warns its users about these tricks and gives instructions for forwarding suspicious email.


The traditional phishing attack follows a standard pattern. An email tells you that your account has been compromised, that someone is sending you money, or that you can get a special deal, and it urges you to click a link. It takes you to a bogus site that will grab your login credentials.

One of the earliest phishing schemes targeted PayPal users back in 2000. A Russian criminal set up the site, with a capital “I” as in “India” instead of an “l” as in Lincoln. In some fonts, the names are almost impossible to tell apart, and the fake site looked just like PayPal’s.

As people catch on to old scams, new ones arise. Some of them use authentic PayPal accounts. Some are throwaway accounts, which the holders use to grab money till they’re terminated. Some might be legitimate accounts that crooks have hijacked.

Proofpoint has discovered a scam that uses email from real PayPal accounts. It gets you two ways. First, it asks you for money; second, it gives you a link to a malicious website. It tries to download a JavaScript file, which, if you run it, will download a Trojan called Chthonic, which usually goes after banking institutions.

Since the mail comes from PayPal, spam filters aren’t likely to block it. This scam doesn’t seem to have hit a lot of people, but it shows that even if your mail comes from, you can’t always trust it. Anyone with a PayPal account can ask you for money.

Another trick connects you to the real PayPal site, but the email sets up a JavaScript filter so that the phisher snags your credentials when you log in. You see in the browser’s address bar, and the connection is a secure one, so everything seems OK — but the scammer is grabbing your information before it’s encrypted and sent over the internet.

Emails with overblown threats and bad writing are generally fake. One of them warns: “It is indispensable to perform an audit of your data is present, otherwise your Account will be destroyed. … We requests verification whenever an email address is selected as an Account PayPal.” “We requests?” Gollum must have taken up phishing.

If you get a dubious email relating to PayPal, log in directly to your account instead of following the link in the email. If there’s no notification about the issue, the mail is probably fake. If the email is generic and doesn’t name you or your business, that’s another reason for suspicion.

If you get .JS or .EXE files in your email, never open them unless you’re expecting them and are sure of the sender. Make certain that your system settings let you see file extensions. File names may be prettier when they don’t have a .DOC or .PDF at the end, but hiding that information leaves your business vulnerable to attacks. Be triply cautious with anything related to PayPal or other financial institutions.

LAN Infotech is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks and news. Contact us at (954) 717-1990 or send us an email at for more information.

Fort Lauderdale Computer Networks
Network Services in Fort Lauderdale
Network Consulting in Fort Lauderdale
Fort Lauderdale Data Backup
Data Security Fort Lauderdale
Client Feedback

“LAN Infotech has been an exceptional resource for our organization. They provide consistent knowledgeable network engineers, round the clock monitoring and are invaluable in our IT infrastructure decision-making process. Their level of customer service has been top-notch and exceeds our expectations – we look forward to a continued partnership with LAN Infotech.”

—Janice M. Pennington
Vice-President of Finance & Administration
National Multiple Sclerosis
Society South Florida Chapter
read more»

Featured IT Services Fort Lauderdale Articles

LAN Infotech Recognized as Leading Microsoft Marketing Partner Worldwide

The team of IT specialists from LAN Infotech are thrilled to announce that they have been recognized on Fifty-Five and Five’s Inbound Marketing Excellence Report as one of the top 250 Microsoft mark

Read more

Featured IT Services

IT Consulting Advice for Fort Lauderdale: Taking Care of Your Employees Is Taking Care of Your Business!

Quid Pro Quo An IT consulting firm in Fort Lauderdale will usually advise that you get what you give. This is the core principle which defines most working relationships. The employer gives the em

Read more

Featured IT Services

IT Services Business Advice: Do You Really Need a Management Consultant in Fort Lauderdale?

Eliminate the Middleman IT services in Fort Lauderdale need not cost an arm and a leg to provide services your own organization could source internally. You want a consultation agency willing to he

Read more

Featured IT Services