13 May 2014

PayPal is a frequent target for phishing emails. One recent example with the subject line Suspicious ‘sign in prevented’ pretends to be a security notification from PayPal. It mimics the kinds of emails you might receive from financial organisations if unusual activity has been detected on your account.

From: PayPal security[at]pcash.com
Sent: Thursday, 8 May 2014 8:22 AM
Subject: Suspicious sign in prevented

Someone recently used your password to try to sign in to your account - anth_hel20[at]yahoo.com.au .

We prevented the sign-in attempt in case this was a hijacker trying to access your account.

Please review the details of the sign-in attempt:

Monday, May 5, 2014 11:47:37 AM UTC
IP Address:
Location: Stockholms, Sweden

If you do not recognize this sign-in attempt, someone else might be trying to access your account. You should sign in to your account and confirm your identity immediately.

Confirm identity


PayPal Accounting team

The email includes a ‘confirm identity’ link, which directs you to a fake PayPal website (note the incorrect URL, it should be paypal.com.au/). The fake page even features PayPal’s updated design and logo.

Fake PayPal website

It includes many genuine links to the real PayPal site, however, some links simply loop you back to the same page you are already on. If you do log into the fake site to confirm recent account activity, you are presented with a copy of PayPal’s account information page where you can fill in all your personal information, credit card details and send them straight to the scammers.

This is a very effective fake website. It appears legitimate and features good design and use of language (the opposite are often good indicators of a scam site). It even uses PayPal’s loading icons when you log in and recognises where in the world you are, requiring you to enter a valid local address, post code, and phone details.

Do not be fooled. This is a scam attempting to access your credit card and personal information.

Like all financial services, PayPal is a target for scammers. Scammers continuously innovate with the kinds of phishing emails they create to fool people, needing only a small percentage of the tens of thousands of messages they send as spam to work.

In the past we have seen many other versions of PayPal related phishing emails, with subject messages such as:

  • Your billing information is out of date
  • You have a new account statement
  • Suspected fraud has been detected on your account
  • Your account has been suspended
  • A new payment invoice has been received
  • Your payment has been cancelled

Regardless of the ruse or approach taken, you can use the same simple steps to avoid any phishing attempt. If you receive a message you suspect might be a phishing attempt, do not click any links or attachments. Go independently to PayPal’s website and log in to check your activity.

PayPal also points out other indicators of fake emails include:

  • Generic email greetings: PayPal will always address you by your first and last name.
  • Attachments: PayPal will never email you attachments or software updates.
  • Deceptive URLs or false links.
  • Wrong, out of date or out of place logos, design and type.
  • Upsetting or urgent statements demanding you react immediately.
  • Bad spelling and grammar.
  • Requests for financial or personal information.
  • Amazing, too good to be true offers.

PayPal goes to considerable effort to help inform and keep its customers aware of phishing emails. Its website features a lot of good information you can read to stay safe.

More information

PayPal’s guide to phishing emails.

Stay Smart Online has more information on avoiding online scams and managing spam.

Stay Smart Online factsheet about how to detect and avoid phishing sites.

You can report spam to ACMA.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.


Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.


This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.


Facebook: www.facebook.com/staysmartonline
Email: staysmartonline [at] communications.gov.au
Web: www.staysmartonline.gov.au
You are receiving this message at the address [Email].
Update your profile preferences
If you no longer wish to receive this information, you can unsubscribe.

© 2013 Australian Government. All rights reserved

Connect with Stay Smart Online