PayPal phishing attack – would you have been fooled?

Graham Cluley
@gcluley

Here’s an email I received this morning claiming to come from PayPal, informing me that my account has been suspended because someone has been repeatedly trying (and failing) to access it.

From: service@paypal.com
Subject: A high number of failed login attempts have been recorded on your online account..

Message body:
We are sorry to inform you that your PayPal Account has been suspended.

A high number of failed login attempts have been recorded on your online account.

As a security measure we had to temporarily suspend your account. To restore your account we have attached a form to this email.

Please download the form and follow the instructions on your screen.

NOTE: The form needs to be opened in a modern, javascript enabled, browser (ex: Internet Explorer 8, Firefox 3, Safari 3, Opera 9).

We apologize for any inconvenience this may have…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.