Indicators of a Phishing/Social Engineering Email #2 - Fake PayPal


Cloud Security Engineer
Staff member
Jul 4, 2015
Here is another real phishing email. This one purporting to be from PayPal.

Let's dig in...
(Orange) we have typos and grammatical errors
(1) Again we have a weird email address from This is highly unlikely owned by PayPal.
(2) This email is probably BCC'd to a bunch of users. Most official communications will go directly to you
(3) Here is a hook/social engineering tactic. Trying to instill panic with a sense of urgency
(4) In this case there is no greeting or mention of me the customer (No greeting or generic ones are red flags)
(5/6) There are two issues account activity and a bank alert (Sorry, your bank would notify you of fraudulent CC or account usage)
(7) The whole email is an image that is also a clickable link

The link is a real emailing service with tracking capabilities. The threat actor can determine if you clicked his link. These services will also kick off additional redirects to the attack landing page most likely.

Looks like it redirects to a google doc

Another redirect to the end page. Looks like the attacker's account has already been taken down
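
Indicators (1), (2), (3), (4) and (7) from the post above, turned into a triage check. This is an added Python example that is not part of the original post. The keyword list, the labels, the `paypal.com` brand domain and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

# Assumed keyword list for indicator (3); tune to your own mail flow.
URGENCY = re.compile(r"\b(urgent|immediately|suspended|limited|verify now)\b", re.I)
LINKED_IMAGE = re.compile(r"<a\b[^>]*>\s*<img\b[^>]*>\s*</a>", re.I)

def phishing_indicators(raw, rcpt_addr, rcpt_name, brand="PayPal", brand_domain="paypal.com"):
    """Return the indicators from the post, by label, that a raw message trips."""
    msg = message_from_string(raw, policy=policy.default)
    hits = set()
    # (1) Display name claims the brand, address is on an unrelated domain.
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    on_brand = domain == brand_domain or domain.endswith("." + brand_domain)
    if brand.lower() in display.lower() and not on_brand:
        hits.add("sender-domain-mismatch")
    # (2) Recipient absent from To/Cc: the mail arrived via BCC or a bulk list.
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    if rcpt_addr.lower() not in {a.lower() for _, a in getaddresses(headers)}:
        hits.add("recipient-not-addressed")
    html_part = msg.get_body(preferencelist=("html",))
    html = html_part.get_content() if html_part else ""
    text_part = msg.get_body(preferencelist=("plain",))
    text = text_part.get_content() if text_part else re.sub(r"<[^>]+>", " ", html)
    # (3) Urgency wording in the subject or the readable text.
    if URGENCY.search(f"{msg.get('Subject', '')} {text}"):
        hits.add("urgency")
    # (4) No greeting that names the customer.
    if rcpt_name.lower() not in text.lower():
        hits.add("no-personal-greeting")
    # (7) Body is a linked image with almost no readable text.
    if LINKED_IMAGE.search(html) and len(re.sub(r"<[^>]+>", "", html).strip()) < 20:
        hits.add("image-only-link")
    return hits

# Constructed sample messages (not the email from the post).
PHISH = """From: PayPal Service <notice@mailer.example.net>
To: undisclosed-recipients:;
Subject: Urgent: your account has been limited
Content-Type: text/html; charset=utf-8

<html><body><a href="https://tracker.example.org/c/1"><img src="https://tracker.example.org/i/1.png"></a></body></html>
"""
CLEAN = """From: PayPal <service@paypal.com>
To: Alice Example <alice@example.com>
Subject: Your receipt
Content-Type: text/plain; charset=utf-8

Hello Alice Example, here is the receipt for your payment.
"""
```

Each label is a reason to look closer, not a verdict: legitimate bulk mail can also trip (2) or (4), so weigh the hits together.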
the main one doing the rounds in Australia is a fake toll payment one telling people they owe $2-12 dollars for a toll cam and asking them to click the link and put their bank payment details in

the reason it works so well is Australia's total lack of understanding with internet security at even the highest levels
Phishing attacks are very popular because they have a very high success rate in general. 75-85% of Cyber crime will leverage phishing as part of their tactics. 60% on average are successful
back in the day the same people used to sell snake oil potions... it's a sign of the times I guess ;)
In the newer versions of Outlook I believe it will give you the option to report it which sends it to Microsoft to help improve their detection
it flags the email on your account... I believe Microsoft then blocks that address to your account yes but they don't do anything else about it, i.e., it doesn't then get blocked for someone else on a Microsoft email

it's possible a high count of flags against an email will then take some other action but I have not tested it, e.g. if 20 people flag the same email address it may get more than just blocked for them