PayPal “Your Account Will Expire In Less Than 24 Hours” Phishing Scam Email

Outline:
Email purporting to be from PayPal claims that your account will expire in less than 24 hours unless you click a link to update your account information.

Brief Analysis:
The email is not from PayPal. It is a phishing scam designed to steal your PayPal account login details, your credit card numbers, and other identifying information.

Example:

[Image: paypal-account-will-expire-1]

Detailed Analysis:
According to this email, which claims to be from PayPal, your PayPal account will expire in less than 24 hours. The message claims that your PayPal account was used to make purchases via a new web browser. Thus, suggests the message, someone may have accessed your account.

It instructs you to click a “Check My Account” button to confirm that you are the only user of the account. It explains that, after clicking the link, you will be asked to re-authenticate your account details to confirm that you are the real account holder. The email warns that, if you do not update your information as instructed, your account will be permanently banned.

However, the email is certainly not from PayPal and the claim that you must update your details or risk an account ban is a lie. In fact, the message is a typical PayPal phishing scam designed to steal your account login credentials, your credit card numbers, and other sensitive personal information.

If you click the “Check My Account” link, a fraudulent website will open in your browser. It will closely resemble the genuine PayPal website. The fake site will first ask you to log in with your PayPal email address and password. After you do that, it will take you to a fake “account update” form that asks you to provide your credit card numbers, your name, address and contact details, and other identifying information. All of the information you supply on the fake website can be collected by cybercriminals and used to hijack your PayPal account and conduct fraudulent transactions. They can also make purchases using your credit card. And, if they have collected enough of your personal and financial information, they may be able to steal your identity as well.

Keep in mind that PayPal will never send you a message that demands that you click a link to update account details or risk an account ban. Genuine PayPal messages will always address you by name. They will never use a generic greeting such as “Dear Customer”.
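
The warning signs described above (a generic greeting, a deadline or ban threat, and a button that leads away from PayPal's own site) can be checked mechanically on a mail gateway or in a triage script. The following Python check is an added example, not part of the original article; the sample message, its host names and the phrase lists are constructed assumptions, and it treats only `paypal.com` and its subdomains as genuine.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample modelled on the scam described above; all hosts are placeholders.
SAMPLE = """\
From: PayPal <service@example.invalid>
Subject: Your Account Will Expire In Less Than 24 Hours
Content-Type: text/html

<p>Dear Customer,</p>
<p>Your account was used to make purchases via a new web browser.
Update your information or your account will be permanently banned.</p>
<a href="http://paypal.account-check.example/login">Check My Account</a>
"""

GENERIC_GREETING = re.compile(r"\bdear\s+(customer|user|member|client)\b", re.I)
PRESSURE = re.compile(r"less than 24 hours|will expire|permanently banned|account ban", re.I)
HREF = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.I)

def is_paypal_host(host):
    # Exact domain or a true subdomain; "paypal.account-check.example" must not match.
    host = (host or "").lower().rstrip(".")
    return host == "paypal.com" or host.endswith(".paypal.com")

def phishing_indicators(raw):
    """Return the list of warning signs found in a single-part text/HTML message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # a str for single-part messages, as assumed here
    text = f"{msg.get('Subject', '')}\n{body}"
    found = []
    if GENERIC_GREETING.search(body):
        found.append("generic_greeting")
    if PRESSURE.search(text):
        found.append("deadline_or_ban_threat")
    # Only flag foreign links when the message presents itself as PayPal.
    claims_paypal = "paypal" in (msg.get("From", "") + text).lower()
    links = [u for u in HREF.findall(body) if u.lower().startswith(("http://", "https://"))]
    if claims_paypal and any(not is_paypal_host(urlparse(u).hostname) for u in links):
        found.append("link_not_on_paypal_domain")
    return found

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

A message that trips all three checks matches the pattern in this article; a single hit, such as a deadline phrase on its own, is weaker evidence and is better used for scoring than for blocking.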

The PayPal website has published information about how to recognize and report such phishing scams.
