OFFICIAL SECURITY BLOG

Fake PayPal “Survey Program” Email Wants Card Details

February 24, 2014 | BY

Be wary of emails bearing gifts – in this case, claiming to reward those who would fill in a so-called PayPal survey to obtain a “£25 reward”.

This one is flagged as spam in Gmail, but depending on your mail provider it may creep into the Inbox instead of the Spam folder:

Spam mail

The email reads as follows:

Greetings,

As today 23 February 2014, PayPal is launching a new survey program. All customers are welcome to participate this survey. The survey will take 5 minutes and for your effort and understanding PayPal will select most of the customers that takes this survey and reward them with £25.00 GBP.

It would be helpful if you fill it out right now. If that is not possible, please do it soon. We plan to close the survey on 23 February 2014, so do not delay.

Please note that all responses will be confidential.

To start completing the Survey please download the attachement form and follow the steps to open a secure browser window.

Your PayPal BONUS CODE is PP2553455; Please copy/paste the code and write the code in the survey file in order to get your £25.00 GBP prize.

Thank you,

Simon Reuben
Sincerely,
PayPal Account Departement.

The zipfile, online_form.zip, contains a .htm page which looks like this:

"Survey" questions

Underneath the entirely pointless “survey questions”, the form asks for name, address, city, postcode, birthday, the “£25 bonus code” and full debit card information which all sits above a handy “Submit” button (top tip: don’t hit the submit button).

While the people sending this mail have presumably tried to panic recipient into replying quickly (that is one seriously tight deadline), they may find this backfires as would-be victims see “23 February 2014” and send it straight to the trash.

Take note of the following advice from the PayPal Security Center:

“To help you better identify fake emails, we follow strict rules. We will never ask for the following personal information in email:

Credit and debit card numbers
Bank account numbers
Driver’s license numbers
Email addresses
Passwords
Your full name”

If it sounds too good to be true…

Christopher Boyd