What is the “PayPal – Unauthorized Transaction” phishing email

“PayPal – Unauthorized Transaction” is a phishing email disguised to look like a notification from PayPal about a potentially unauthorized transaction. The email aims to trick users into calling the provided phone number so scammers can steal users’ highly sensitive information, including PayPal login credentials.

 

 

The “PayPal – Unauthorized Transaction” email claims that there has been an unauthorized transaction from users’ PayPal accounts. Specifically, an iPhone 13 Pro, 512GB has been purchased. The email asks that users call the provided customer support number (+1(530)637-8244 +1(443)457-0455) if they did not make the purchase and do not want the $699.88 payment to go through.

Transaction Date: 09/29/2023

Customer Support Team: +1(530)637-8244 +1(443)457-0455

Dear Customer,

We have noticed an unauthorized transaction from your PayPal account. If this transaction was not made by you, please call us to cancel this order. Otherwise, your $699.88 will be charged today.

Order Id: PAY04GS5581
Transaction Id: PPLL4357MA9What’s in the Box

iPhone 13 Pro, 512GB, Sierra Blue – Unlocked (Renewed Premium)
Size: 512GB
Color: Sierra Blue

Description Quantity Specification Amount
iPhone 15 Pro 01 512GB Sierra Blue $699.88

Ensuring the security of your PayPal account is our highest priority, and we are committed to resolving any issues together in order to protect it.

Sincerely,
Team PayPal

Customer Support Team: +1(443)457-0455 / +1(530)637-8244

If users fall for this phishing attempt and call the provided phone number(s), they will be connected to professional scammers. The scammers will claim to work for PayPal and promise to cancel the transaction. However, they will ask for a lot of personal information, supposedly so they verify users’ identities. They would also likely ask for PayPal login credentials. If users provide this information, their PayPal accounts may be accessed and real unauthorized transactions may be made. This can cause serious financial loss. In addition to the PayPal login credentials, the scammers would also ask for a full name, email address, phone number, home address, etc. This is very valuable information, which can be used to perform more elaborate scams on users in the future. It can also be sold to other malicious actors on various hacker forums.

Users should never reveal their login credentials to anyone, especially someone claiming to be a bank or another company providing financial services. Users will never be asked to provide such information by legitimate companies. If users have revealed sensitive login credentials, they need to change passwords immediately.

How to recognize phishing emails?

Sophisticated phishing emails are quite rare because they generally target very specific users. Low-effort ones are much more common and they target many users at the same time so they’re quite generic. This makes them easy to recognize in most cases.

One of the first things to check when users receive an unexpected email is the sender’s email address. Low-effort phishing emails are usually sent from random-looking email addresses so it’s easy to determine whether the email is spam/malicious. Users should always use a search engine to research the sender’s email address. If it’s legitimate, there will be results leading to the official site. PayPay does not have many email addresses it uses, so it’s easy to find out whether users received a legitimate email.

Another sign that may point to an email being potentially malicious is words like “Customer”, “Member”, “User”, etc., being used to address users. For example, this “PayPal – Unauthorized Transaction” phishing email uses the phrase “Dear Customer” to greet the user. This is an immediate red flag because legitimate emails, especially ones from senders like PayPal, address users by their name. If the sender should know a user’s name but uses generic words to address them, it’s likely not a legitimate email.

Users should also be careful with emails that contain phone numbers. Generally, companies do not display technical or customer support numbers in emails. If users need to call support, they would need to find the phone numbers themselves on official websites.

Lastly, we recommend users always double-check information when they receive emails like the “PayPal – Unauthorized Transaction” email. In this case, it’s easy to check information because users can just manually access their PayPal account and check the details. The same applies to all emails that ask users to perform some action (e.g. click on a link to access an account). Instead of clicking on buttons and links, users should manually access accounts and check the necessary details.