Something fishy?
Report fraud to us between 09.00 and 17.00 Monday to Friday.

Spear phishing pops up in PayPal scam email

16 September 2015

Scammers have used the practice known as spear phishing in an email that pretends to come from PayPal. Spear phishing is a type of phishing which targets very specific victims, seeking unauthorised access to their personal information. By using specific details, the perpetrators make the message seem authentic and therefore more difficult to identify as a phishing scam. This makes spear phishing more dangerous.

Personalised greeting
The new ‘PayPal’ scam email uses a personal salutation, addressing the person by her name, instead of the general greeting often used in phishing scams. In most cases, these start off with “Dear customer”. The addressee’s name also appeared in the subject of the email.

The content of this particular scam does not differ much from other phishing scams. “Your account has been restricted” and you can have these restrictions lifted by clicking on a link, which enables you to log in to your account. This is where you disclose your personal details.

Spear phishing
Email scams are usually spammed out in large numbers. The fraudsters hope that someone will take the bite. Spear phishing is a more targeted type of phishing, focusing on a specific group of people who have something in common. They either work for the same company, use the same bank, go the same school and make their purchases on the same websites. These emails often come from companies who send regular emails, making them appear trustworthy.

Spear phishers do their utmost to make their emails look credible. Some might even hack an organisation’s computer network or trawl websites, blogs and social media for information that will help personalise their emails.

Here’s an example:

09-16 PayPal-16-09