Your PayPal Account Is Under Attack If You See This Message

Beware this PayPal attack

dpa/picture alliance via Getty Images

A new warning for PayPal users follows recent alerts for Amazon and Facebook users, as new attacks target account holders with messages masking malicious sign-ins. These messages appear to come directly from PayPal, and users need to beware.

Per MalwareBytes, this “highly sophisticated email scam is targeting PayPal users with the subject line of ‘Set up your account profile’.” Beware, because “it’s hard for the everyday user to tell if the email has been spoofed or not.”

ForbesMicrosoft Confirms $61 Windows Update Fee Starts In 5 WeeksBy Zak Doffman

Spoofing works by replacing a real “from” address with something the sender picks instead — in this case a PayPal email address. One of the reasons email is so vulnerable to attack is that simple tricks like this work — it’s an open architecture.

Change Your PayPal Password Now If It’s On This List

As ever, don’t worry about playing cyber detective to tell threats from real messages. You won’t receive account or security warnings from major tech companies with links to log into your account. As such, you san safely ignore and delete all such emails.

That warning goes further. Never sign into any account through a link you’ve been sent. The only exception is when you’ve requested a link — some sites use email links as a form of secondary verification and many password changes are done via links.

PayPal Passwords For Sale Online—Change Yours Now

If you see any message relating to account activity, just log into the website or app the usual way and navigate to your account or account settings. If there’s an issue, you’ll see it there and can take action knowing it’s a legitimate interaction.

It is now ridiculously easy for attackers to mimic the look and feel or sign-in pages, with legitimate imagery. But there will steal your credentials when you enter them.

ForbesMillions Of iPhone And Android Users Get Surprise RefundsBy Zak Doffman

As MalwareBytes warns, “the layout of the email looks convincing enough, likely copied from an actual PayPal email,” but the content however is typical for a phishing email.”

That includes its urgency, the value of the transaction ($900) being too high to ignore, and the addressee field being wrong or generic.“’Dear Customer’ or ‘Dear User’, or none at all as in this example.” Most campaigns just have email addresses or phone numbers.