PayPal has taken great strides to reduce the number of phishing emails that affect its customers and users. Despite these efforts, however, phishing emails still find their way through the cracks every now and again. Trine IT has noticed an increase in reported phishing emails posing as PayPal alerts, and has created this article not only to make you aware of the emails, but also to show you how to spot them. There are two emails circulating among Trine email accounts: one mentions a contribution to a "pool", while the other is an e-gift of varying amounts.
Below are screenshots of the two emails in question:
----------------------------------------------------------------------------------------------------------
These emails both appear to come from the official 'service@paypal.com' address, and are sent to unsuspecting users in hopes of getting them to interact with the links in the email. The attack works by the malicious sender first conducting a legitimate action on PayPal's site; in this case, they either donate money to a shared money pool or purchase e-gift cards themselves. Once the malicious user completes this action, PayPal generates confirmation emails and sends them to the malicious user from the 'service@paypal.com' address. The malicious user then masks their email identity and sends these confirmation emails out to the masses as the 'service@paypal.com' account, making the email look legitimate. Fortunately, there are a few identifying details you can use to help spot these fake emails.
You Contributed to Your Pool:
- This email will always show you what email your contribution was made with. In this case, it was made by 'amandareagan@myyahoo.com'. If you do not see your own email in this confirmation field, then you know that the email is a phish.
- Look at the name of the Pool you supposedly contributed to. Normally these have identifiable names such as 'camping trip' or 'family vacation', but this Pool is titled 'Don't recognize this seller? Contact PayPal at 1(888) 343-6785'. The number provided is NOT PayPal's support number (Googling PayPal support shows the number is actually 1(888) 241-1161) and is more than likely the malicious user's phone number. PayPal's support number is also listed at the bottom of all official PayPal emails, so you can verify the legitimacy of a message this way as well.
- Always look at the name in the greeting of the email. PayPal will always put your name in the greeting to help identify spam and phishing emails. If you do not see your name in the greeting of a message, the message is spam.
You Purchased a PayPal e-gift:
- Always look at the name in the greeting of the email. PayPal will always put your name in the greeting to help identify spam and phishing emails. If you do not see your name in the greeting of a message, the message is spam.
- Look at the currency used in the purchase. Very rarely, if ever, should you be using anything other than USD ($) to make purchases for Trine-related expenses. If you receive an email from PayPal claiming that you made a payment in a foreign currency, more likely than not the email is fake.
- Verify the shipping address on the order confirmation. Even with e-gifts, you'll still have to have an email address for the delivery of the e-card. In this instance, however, a physical address was provided and not an email. If you don't see your email or physical address in this confirmation email, the email is fake.
- Verify what email made the purchase. All PayPal emails will contain a small piece of text identifying where the payment originated from. If you do not see your email listed as the origin of payment, the email is fake.
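The checks from both lists above can also be run as a small triage function over a reported message. This is an added example, not Trine IT's or PayPal's code; the function name `triage`, the greeting format it expects, the reader "Jane Doe" with the address jdoe@example.edu, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Digits of the support number the article cites as PayPal's real one.
PAYPAL_SUPPORT = "8882411161"
PHONE = re.compile(r"(?<!\d)1?\s*\(?\d{3}\)?[\s.-]*\d{3}[\s.-]*\d{4}(?!\d)")
AMOUNT = re.compile(r"\d[\d,]*\.\d{2}\s*([A-Z]{3})\b")
# Assumed greeting format: a line starting with Hello/Hi/Dear, then the name.
GREETING = re.compile(r"^(?:hello|hi|dear)\b[ ,]*(.*)$", re.I | re.M)

def triage(raw, my_name, my_email):
    """Return which of the article's checks a PayPal-looking message fails."""
    body = message_from_string(raw).get_payload()
    failed = []
    # The greeting must carry the account holder's own name.
    greet = GREETING.search(body)
    if not greet or my_name.lower() not in greet.group(1).lower():
        failed.append("greeting")
    # The confirmation must show the reader's own address somewhere in the body.
    if my_email.lower() not in body.lower():
        failed.append("account email")
    # Any phone number other than the real support line is suspect.
    numbers = {re.sub(r"\D", "", n)[-10:] for n in PHONE.findall(body)}
    if numbers - {PAYPAL_SUPPORT}:
        failed.append("phone")
    # Trine-related purchases should be in USD.
    if any(code != "USD" for code in AMOUNT.findall(body)):
        failed.append("currency")
    return failed

# Constructed sample modelled on the "pool" email described above.
SAMPLE = """\
From: service@paypal.com
To: jdoe@example.edu
Subject: You contributed to your pool

Hello, Some Other Person

You contributed 499.99 EUR to the pool "Don't recognize this seller? Contact PayPal at 1(888) 343-6785".
Contribution made with: amandareagan@myyahoo.com
"""

if __name__ == "__main__":
    print(triage(SAMPLE, "Jane Doe", "jdoe@example.edu"))
```

An empty result means none of these content checks fired. The From header is deliberately ignored, since both emails described here appear to come from 'service@paypal.com'.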
While PayPal does great work at mitigating and reducing the number of phishing emails that are sent out imitating their platform, they're not always going to stop 100% of the attacks. It's important to keep in mind that just because something appears to have been sent from a legitimate source, the sender may not be who you think it is. If you find yourself receiving either of the above emails, please either report the email using the 'report phish' button in Outlook, or simply delete the email from your inbox. DO NOT interact with either of these emails or attempt to contact the sender in any capacity. If you have any other questions or concerns, please reach out to IT at help@trine.edu or 260-665-4275.