Paypal SMS Phishing: Do not follow the links

If you get something similar, do NOT follow the link.  If you have any questions about Paypal, login directly to Paypal, not any other site.

2015-02-09 10.40.33
A real text message! URL obscured.

 

Response from Paypal:

Thank you for being a proactive contributor by reporting
suspicious-looking emails to PayPal’s Abuse Department. Our security team is working to identify if the email you forwarded to us is a malicious email.

Paypal Will Always:

– Address our customers by their first and last name or business name of their PayPal account

Paypal Will Never:

– Send an email to: “Undisclosed Recipients” or more than one email address
– Ask you to download a form or file to resolve an issue
– Ask in an email to verify an account using Personal Information such as Name, Date of Birth, Driver’s License, or Address
– Ask in an email to verify an account using Bank Account Information such as Bank Name, Routing Number, or Bank Account PIN Number
– Ask in an email to verify an account using Credit Card Information such as Credit Card Number or Type, Expiration Date, ATM PIN Number, or CVV2 Security Code
– Ask for your full credit card number without displaying the type of card and the last two digits
– Ask you for your full bank account number without displaying your bank name, type of account (Checking/Savings) and the last two digits
– Ask you for your security question answers without displaying each security question you created
– Ask you to ship an item, pay a shipping fee, send a Western Union Money Transfer, or provide a tracking number before the payment received is available in your transaction history

READ!

Any time you receive an email about changes to your PayPal account, the  safest way to confirm the email’s validity is to log in to your PayPal account where any of the activity reported in the email will be available to view. DO NOT USE THE LINKS IN THE EMAIL RECEIVED TO VISIT  THE PAYPAL WEBSITE. Instead, enter www.paypal.com into your browser to log in to your account.

What is a phishing email?

You may have received an email falsely claiming to be from PayPal or another known entity. This is called “phishing” because the sender is “fishing” for your personal data. The goal is to trick you into clickingthrough to a fake or “spoofed” website, or into calling a bogus customer service number where they can collect and steal your sensitive personal
or financial information.

We will carefully review the content reported to us to certify that the content is legitimate. We will contact you if we need any additional information for investigating the matter. Please take note to the security tips provided above as they may help to answer any questions that you may have about the email you are reporting to us.

Help! I responded to a phishing email!

If you have responded to a phishing email and provided any personal information, or if you think someone has used your account without permission, you should immediately change your password and security questions.

You should also report it to PayPal immediately and we’ll help protect you as much as possible.
1. Open a new browser and type in www.paypal.com.
2. Log in to your PayPal account.
3. Click “Security and Protection” near the top of the page.
4. Click “Identify a problem.”
5. Click “I think someone may be using my account without permission.”
6. Click “Unauthorized Account Activity.”

Thank you for your help making a difference.

Every email counts. By forwarding a suspicious-looking email to spoof@paypal.com, you have helped keep yourself and others safe from identity theft.

Thanks,
The PayPal Team