Phishers Target PayPal Users With Fake “Failed Transaction” Emails

Scammers are pushing out fake PayPal emails that use the premise of an unverified transaction to phish for customers’ personal and financial information.

With the end-of-the-year holidays quickly approaching and many users worrying whether the gifts they bought online will be delivered in time for the festivities, an email from PayPal saying their transactions were impossible to verify or their payments were not processed will throw most users for a loop.

Phishers are counting on that, and are hoping that panicking users will be too distraught to notice that the email did not actually come from PayPal and that it didn’t address them by name:

Those who fail to identify the email as fake and click on the button ostensibly taking them to the “Resolution Center” will be taken to a phishing site set up by the criminals.

There, through a series of pages, they will be asked to enter their PayPal login credentials, physical address, phone number, mother maiden’s name, date of birth, and payment card information (name, number, card number, expiration date, security code):

Here’s one example:

PayPal_Phish