A fake PayPal account verification email is circulating on the internet in an attempt to steal user credit card information. The email asks the recipient to open the attached AccountVerification.html file. If you download and open the attached AccountVerification.html file a window will open in your browser containing credit card fields and a Save Profile button.
The scam appears to originate from Russia due to the code found within the AccountVerification.html file. Further analysis of the html code also shows that the creators of this scam are using PayPal’s css files directly from PayPal’s website so that the page is a virtual replica as far as layout and colors. The search bar even works.
The email is sent from firstname.lastname@example.org which is of course not affiliated with PayPal in any way. The subject line of the email is “PayPal – Account Notification”. The attachment is called AccountVerification.html. The PayPal scam email message below:
Subject: PayPal – Account Notification
Dear Concerned Member,
A very unusual activity has been detected that was linked to your PayPal account. It appears that
somebody gained access to your account without your consent. This intrusion have led us to restrict
your account access.
In order for you to have full access to your account again, please follow these two simple steps.
(1) Download the attachment provided by our Security Team.
(2) Open the attached file and fill in the required fields.
After you have verified your account by following these steps, our automated security system will
add layers of protection to your account. We would like to thank you for your serious attention.
PayPal Account Review Team
The email is a classic scam where hackers pose as a legitimate company, in this case PayPal, in an effort to gain your trust and reveal financial information. Do not under any circumstances enter your credit card information into the web page that appears when you open the AccountVerification.html file. If you have already entered your information and clicked the Save Profile button please contact your financial institution immediately.
The html page that opens in your browser is a replica of what a real PayPal web page would look like. The creators of this scam have paid attention to detail and have copied html code directly from PayPal in an attempt to make this page appear to be legitimate. A screenshot of the fake page can be seen below.
Notice how Resolution Center is misspelled in the navigation menu. Also, you will notice how none of the links on the fake PayPal page work. All of the links are dead except for of course the Save Profile button.
Once again, please delete this email immediately. Do not download or open the attachment. We will post updates regarding this latest PayPal email scam as we gather more information.