PayPal users are asked to be on the lookout for fake PayPal email messages like the one below with a fake electronic gift card receipt from GCSpread, which claim that they have been charged for it. The fake or phishing email messages are being sent by cybercriminals to trick PayPal users into clicking on a link within them that goes to a fake or phishing PayPal web page or website. The fake web page or site will then attempt to steal PayPal credentials and credit card information. So, it is important that PayPal users remember never to click on a link to sign into their PayPal accounts. They should instead, always go directly to www.paypal.com, sign into their accounts and check their accounts for transactions.
Sample of the "Your Electronic Gift Card Receipt from GCSpread" Phishing Scam
Subject: Re [ Transaction Receipt ] Your Electronic Gift Card Receipt from GCSpread on October 21, 2017, 2:19 pm
From: service@paypaI.com <pukimak921@dimalamhari-3.business>
GCS Spread
Thank you for your purchase!
Congratulation!!!
Following are your order details:
Merchant Card Typ Current Value Qty
eBay Electronic Gift Card $50 1
Microsoft Store Electronic Gift Card $15 1
We have received your payment for this order, your PayPaI was charged $65.00 USD, you can cancel this payment here
Order: #45254782
Order Date: October 21, 2017
Order Amount: $65 USD
Gift Card Spread
STE 330, 820 N Orleans St,
Chicago IL 60610
Toll Free
1-855-955-5GCS
Support
support@giftcardspread.com
The link in the fake email message goes to a fake PayPal webpage (hxxp://paypal.com-managegiftcard.online/webapps/b4a47/websrc) created by cybercriminals to trick their potential victims into entering their PayPal username, password and credit card information.
If the requested information is submitted by the potential victims, it will be sent to the cybercriminals, who will use it to steal their money and use their accounts fraudulently.
If you are tricked into submitting your PayPal credentials and credit card information on the fake web page, please change your PayPal password and contact them for help immediately. Also, contact your bank and let them know that you have submitted your credit card information on a phishing website.
Remember, never click on a link to sign into your PayPal account, always go directly to www.paypal.com or use PayPal's legitimate mobile app. Once you have signed into your account, you will be able to view the transactions on your account, if there are any.