PayPal phishing

This article walks through a phishing e-mail that impersonates PayPal
 02/04/2021 22:17:16
 Varga Gábor

If you identify an e-mail as a phishing attempt, DO NOT CLICK any links within the e-mail. Remove it from your Inbox folder immediately!!!

I received an e-mail from PayPal saying that they want to verify my account, and it requested some details:

  • My billing address
  • Credit/Debit card details
  • Copies of my personal documents (e.g.: ID Card, Address card etc.)

This e-mail definitely did not come from PayPal, and now I will show you how you can identify it as a phishing e-mail:

If you use Gmail, you can see that the mailer has already identified it as a possible phishing e-mail. I don't know whether any other mailer can do that, but Gmail helps you in this case.

Other clues that this e-mail is definitely a phishing attempt:

  • First and most important, check the sender address (billy@mortgageclub.co). This is definitely not a PayPal e-mail address.
  • You can see a link in the e-mail labelled Confirm Now (marked 1). If you move the mouse over this link (don't click, just hover), you can see where the link actually points (marked 2). It is also definitely not a PayPal link.
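
Both clues, the sender address and the real target behind the Confirm Now link, can also be checked mechanically. The Python sketch below is an added example, not part of the original article: the sample message is constructed (only the sender address comes from the article), and the link targets and the expected domain `paypal.com` are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: only the sender address is from the article; links are placeholders.
SAMPLE = """\
From: PayPal <billy@mortgageclub.co>
Content-Type: text/html; charset=utf-8

<a href="http://paypal.com.login.example.invalid/confirm">Confirm Now</a>
<a href="https://www.paypal.com/help">Help</a>
"""

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            self.links.append((self._open[1].strip(), self._open[0]))
            self._open = None

def check_message(raw, domain="paypal.com"):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    findings = []
    if not belongs_to(addr.rpartition("@")[2], domain):
        findings.append(f"sender {addr} (display name {display!r}) is not @{domain}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for text, href in parser.links:
        if not belongs_to(urlsplit(href).hostname, domain):
            findings.append(f"link {text!r} points to {urlsplit(href).hostname}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

The host comparison is a suffix match on a label boundary, so a host that merely starts with or contains `paypal.com` is still reported, while `www.paypal.com` passes.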

Now click on the link:

After clicking the link, many redirects happen, and then you see the PayPal login screen. But check the URL in the address bar. It looks strange, and it is definitely not a PayPal URL.

Now log in (of course with some fake data):

Of course I could log on with fake information. You can enter anything for the login credentials; it will accept everything.

Now let's click the Start Process button.

I filled in the form with really fake details:

Click Continue:

And this page is the most important one to the people behind the phishing e-mail. Here they ask for my Credit/Debit card details. Of course the data written here is also fake, non-existent information. I would be curious how fast they would try to get money from the card... But I will not test that, because I will not enter any real card details here. So now click Continue.

Now they showed me a page where I should enter my Mastercard details. Let's enter some fake details and click Continue.

So MasterCard accepted my fake details. Interesting :-) Now I find some fake images and upload them, and I click the Continue button.

Now I'm done. I have verified my account. Haha.

After that it redirects me to the real PayPal login page: