An official email from Paypal will never ask a user to do the following through email:
1. Send an email to: “Undisclosed Recipients” or more than one email address.
2. Ask a user to download a form or file to resolve an issue.
3. Ask to verify an account using personal information such as name, date of birth, or address.
4. Ask to verify an account using bank account information such as bank name, routing number, or PIN number.
5. Ask to verify an account using credit card information such as credit card number or type, expiration date, or ATM PIN number.
6. Ask a user for security question answers without displaying each security question that was created
7. Ask a user to ship an item, pay a shipping fee, send a Western Union Money Transfer, or provide a tracking number before the payment received is available in the transaction history
— Courtesy firstname.lastname@example.org
Fraudulent emails are showing up in Paypal users’ email inboxes in an attempt to gain a users information, according to Paypal.
Paypal recommends the following for reporting suspicious activity:
1. Open a new browser or tab and type in “www.paypal.com”
2. Log in to the PayPal account in question.
3. Click “Activity” near the top of the webpage.
4. Click on the suspicious transaction to expand the details.
5. Click “Report this as unauthorized”
6. Complete the report process on the next screen.
— Courtesy email@example.com
The email is designed to look like an official Paypal email and says that it is confirming that a new email address has been added to the user’s Paypal account and that if the user didn’t add the new email to let Paypal know.
The email also contains links to what looks like an official Paypal website. Once on the website, an unsuspecting user is expected to enter their account information immediately to try and access their account.
According to an email from Paypal’s security experts at firstname.lastname@example.org, 90 percent of all email worldwide falls into the spam or phishing category.
“By submitting reports of suspicious email to us you are helping to address this problem,” Paypal said in a statement.
If an email seems suspicious, the security team recommends opening a new tab or window in a web browser and typing paypal.com to ensure that a user is on the legitimate website.
“Any time you receive an email about activity to your Paypal account, the safest way to confirm validity is to login directly to the Paypal website and review the relevant section,” Paypal said.
The company said it will never directly ask for personal banking information through an email or ask for answers to security questions without displaying each security question that was created, according to the statement.
The company will also never ask a user to ship an item or send a Western Union money transfer.
If a user believes an email may be suspicious, it can be reported at the Paypal Security Center or the email can be forwarded to email@example.com and the Paypal Security Team can help determine the validity of the email and try to deter the fraud.
“We take reports of suspicious email very seriously,” Paypal said.