Unexpected PayPal Payment Requests: Phishing 

One of our colleagues has recently received multiple PayPal phishing emails. There’s obviously a number of these going around, so we thought we’d share some information about these, to help you spot them when one lands in your inbox.  

Three warning signs 

These emails looked very convincing: right branding, right layout, realistic footer information. So, what gave it away? 

  1. The sense of urgency and alarm that they were trying to generate. They all said that a large amount of money had been spent. A couple were payment requests. All had a big PayPal-blue button in the middle to click to fix the problem. 

The idea is that the panicked recipient clicks on the button (or, indeed, any of the links in the email) and hands over the vital information needed to access the account. 

Did it work? Well, no clicking happened – but there was definitely a sense of alarm at the idea of owing a large sum of money unexpectedly. And that’s the first warning sign. 

  1. Looking at the email again, there were spaces in unexpected places, such as in the email address in the email body. And the amount of money being requested was far too large for the product that they’d apparently bought. That’s not right…  

Second warning sign: something was off about the formatting and the information provided

  1. Third warning sign: the email demanded an action that was out of the ordinary. As it happens, that colleague didn’t have a PayPal account that used that email address any more. That account had been closed some time back, so clearly the attackers have out of date information.  

But even when the account was open, payment requests were atypical. If an email asks you to do something unexpected, or something that you wouldn’t ordinarily do, think at least twice and check with someone else.  

What to do next? 

Once you’ve spotted a dodgy email, there are a number of things you can do. Obviously, the first one is: don’t click the link… 

  1. If you have an internal IT department (even if it’s only one person), report it to them. 
  1. You can report it direct to PayPal by forwarding it to spoof@paypal.com . Don’t make any changes to it, and don’t send it as an email attachment – just forward it, so they can investigate. 
  1. You can report it to the National Cyber Security Centre (NCSC) by forwarding it to this email address: report@phishing.gov.uk. (Again, don’t send it as an attachment, just forward it). The NCSC will analyse it and may be able to block the phisher and take down a malicious website. 
  1. You may also be able to report it to your email provider. 
  1. Once you’ve reported it, you should delete it. 

That’s all you have to do:  

  • don’t click 
  • do report it 
  • do delete it. 

A final step could be to tell your friends, family and colleagues about it, so that they are forewarned about this kind of phishing attack. 

And if you’d like any other information or advice about cyber security, contact us here at Click and Protect either using our website form, or by calling us at 0113 733 6230.