Fake PayPal “Security Measure” emails steal your info

An active email phishing campaign is sending fake PayPal “Security Measure” and “Security Measures” messages to victims. The messages state that your PayPal account has been accessed from an unknown device, and they contain instructions and a button labeled Check It Here.

Security Measures

Please be aware that these email messages are not sent from PayPal. The email messages are designed to phish information you submit into online forms such as your PayPal email address and password, home address, bank account details, credit card details, and more.

If you have received an email message that appears to come from PayPal with the subject “Security Measure” or “Security Measures”, delete it immediately and do not submit your information to any website that the email tells you to visit.

log in to your account

The instructions in the email say to click on the Check It Now button, verify your login information, and verify your credentials and financials. Once you click the Check It Here button, you will be taken to a phishing website such as www.holod-servis.com. The website spoofs PayPal and contains a form where you can log in to your account. The form is designed to phish the email address you use to sign in to PayPal and your password. It does not check what you enter: you can feed the form a fake email address and password and still move on to the next step.

unusual activity detected on your account

After you have provided an email address and password, the site directs you to a new page. The page says that unusual activity was detected on your account and contains a .gif image that says access to your account has been limited. The page tries to trick you into believing that your account has been restricted and that you must follow their procedures to lift the restriction.

personal info

The next page asks for your personal information such as your name, email address, date of birth, home address, and telephone number. You can feed the form fake information to move on to the next step. This page is designed to gather your personal information.

card payment informations

The next page asks you for your card payment information such as your card holder, card number, card type, expiration date, and more. This page is designed to gather your credit card or debit card details.

bank payment informations

The next page asks you for your bank payment information such as routing number, account number, bank name, and account type.

success page

Once you have fed the webpage your bank payment information, you will be directed to a page that says “Success!” It will claim that your account is fully restored.

If you fell for this scam and submitted information to the phishing website, immediately log in to your PayPal account and change your password. You can also change the email address that you use to sign in to PayPal.

Contact your bank and credit card institutions and explain what happened. They will provide you with more information to secure your account.