Since PayPal is a subsidiary of eBay, it’s a rather suspicious coincidence that PayPal members have been the target of phishing attempts.
PayPal has admitted that these emails are indeed not from the company. “Thanks for forwarding that suspicious-looking email. You’re right – it was a phishing attempt, and we’re working on stopping the fraud. By reporting the problem, you’ve made a difference!” reads a reply received by Softpedia editors after reporting the problem.
The company points out that identity thieves try to trick you into revealing passwords and other personal information, which means they differ from messages sent by the company.
Hackers even go as far as to include information about why these emails are not fake – they address you by first and last names or the business name, and they won’t ask for sensitive information, such as bank account, credit card details, or password.
The attack on eBay announced yesterday had actually taken place between the end of February and beginning of March, right around the time that PayPal users started receiving the spammy mails. The company chose to stay quiet about it, as it investigated the problem, effectively leaving users vulnerable.
If you notice such an email in your inbox, it’s best if you forward it to [email protected], where PayPal handles suspicious emails. It could also help to flag [email protected] as spam so your email account spots it and sends it right to the spam folder, so you don’t accidentally go through with the instructions in the email.