The other day, April 2020, my girlfriend received an email from the address [email protected]. It read as follows:
Your PayPal Account in Under Review.
After a recent review of your account activity. we’ve determined you are in violation of PayPal’s Acceptable Use Policy. Your account has been limited until we hear from you. While your account is limited, some options in your account won’t be available.
What to do next ?
1. Please log in to your PayPal account and follow the steps-by-steps verification procedure. To help protect your account, access will remain limited. In addition, you will not be able to send ot receive money until you complete the necessary steps.
2. Provide the information needed. The sooner you provide the information we need, the sooner we can resolve the situation.
3. If you need help or have any questions, call us at 1-888-221-1161, 5:00 AM to 10:00 PM PT and Sat-Sun 6:00 AM to 8:00 PM PT. Please note that hours of operation may vary on holidays.
The security of your PayPal account is a top priority for us and we want to work together to help protect it.
The email included PayPal’s official logo on the top and an identical-looking with the official log-in button at the bottom.
Although this attempt was astonishingly sophisticated for the deficient brains of the average scammer, it nevertheless became immediately obvious that it was but a phishing scam. That was so by the mediocre grammar and text-formatting; and even more so by the long, alphabetically-ordered list of other email accounts that were sent the same email in bulk.
I clicked the button and it directed me to a fake, short-linked page that looked identical with the normal PayPal login page. The url included the word paypal and something about login manager. I entered the email address [email protected] and the password tralala. I was logged and directed to the next page where I was informed about the alleged limitation and was asked for additional credentials.
It saw it as an excellent opportunity for one of those scamming-the-scammers pranks I so much enjoy. I replied:
Hello Paypal,Â
Thanks a million for this notification and your concern. I wanted to ask you, is there any chance you’ve done a mistake? I just logged in to my Paypal app normally after you sent me this email and I don’t experience any limitations. It seems I can receive and send money and make payments and everything without any problem. What are the limitations I would be experiencing?Â
Thanks a lot for your kind reply
Yours sincerely
To my great surprise, I was sent back this auto-reply within seconds:
Thanks for contacting us.
We want to help you but we can’t answer emails sent to this unmonitored mailbox.
To get in touch by phone or email, go to www.paypal.com and click Help & Contact at the bottom of the page.
PayPal
This seemed to be a real PayPal auto-reply which directed me to PayPal’s real website.
I checked online the address [email protected] and found mixed information. Some sources said that it’s fake; others that it’s a legit PayPal email address which has apparently been hacked by scammers. Whichever the case, unfortunately, those scammers weren’t of the talkative kind. No fun here. Either they obtain the credentials via the button on their first email, or there is no conversation at all. On to the next one.
Anyhow, I decided to go through the whole account restoration process – giving them ridiculous, fake credentials all along the way – and see how far they’d go. I suspected that, page after page, they’d try to get the most they could; even asking for credit card credentials at the end. It was though late and I decided to leave it for the next day. To my disappointment, when I tried in the morning, the short link to their fake login page had expired. Apparently, they create new links all the time so as not to get traced. Hopefully, I’m going to receive another one in the future and go through the whole process.
