Phishing with a Sense of Urgency


Thought Leadership

Phishing with a Sense of Urgency

Bear Huddleston

PayPal, one of the largest online payment systems, is being spoofed by scammers in an attempt to phish customers' account information.

In this campaign, cybercriminals are sending out hundreds of thousands of emails in an attempt to get unsuspecting endusers to click on a link within the email and ultimately submit their information. Cyberthieves are then able to use that information and steal money from the users PayPal account.

The campaigns AppRiver have been intercepting come in two different variants. The first variation warns the recipient that inaccurate information was found on their PayPal account. The second variation warns the recipient of unusual login activity on their PayPal account. Both forms of the campaign use a sense of urgency by noting the recipients' accounts will be closed unless they act quickly and click the malicious link they have placed within the email.

Here are some examples of these PayPal phishing campaigns

Sample 1

PayPal Phishing Sample #1

In this sample, the scammer is informing about receiving wrong information; therefore, the PayPal will be closed if the account is not verified or confirm.  However, according to PayPal, accounts are closed when inactive for a long period; not for having the wrong information.


Sample 2

PayPal Phishing Sample #2

This sample alerts the recipient of unusual activity and decides to close the account unless you log in to prevent this measure from happening. The URL will take you to a deceptive "PayPay" login page.


PayPal Phishing Sample #3


Any information entered on this page will end up in the nads of the scammer. Please be advised, the login page below is using SSL connection. Even though a website has a lock icon in the web address, it does not mean the website is safe. It only means the connection is secured.


Do not trust emails you receive that convey a sense of urgency. Be aware of red flags.

Here some tips on how to spot phishing emails:

Be caution of impersonal or generic greetings/salutations; e.g. "Dear Customer" or "Hello your@email.address."  Legitimate businesses use your first and/or last name.Always verify the links you're about to click on by hovering your mouse over the link. Scammers often use this method to phish for your information and/or infect your computer.Report emails that contain unknown or bizarre attachments. Phishing emails are a common vector for delivering malicious files.Be wary of emails conveying a sense of urgency. Like the examples above, they want you to act now or else. Always confirm by going through official channels; not by replying or visiting the URL in the email you received.

If you are an AppRiver customer, forward any suspicious emails to and our 24/7 trained cybersecurity specialists will review the email for you.

If you're not an AppRiver customer, contact us for a free trial of our Advanced Email Security