PayPal Notification of payment received is another one from the current Zbot runs, which try to drop CryptoLocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment.
These emails are absolutely identical to the genuine emails that you receive from PayPal when someone sends you money, especially after selling something on eBay. The difference is that the link to the transaction goes to a fake site that tries to download a malware file, which appears to be a PDF, to your computer.
Almost all of these have a password-stealing component, with the aim of stealing your email or FTP (web space) login credentials. Many of them are also designed specifically to steal your Facebook and other social network login details.
Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.
The email reads:
You’ve Received New Funds!
Dear [email protected],
This email confirms that you have received a payment for 060.70 GBP from [email protected]
Receipt ID: 2111-7964-4640-4830
The number above is the buyer’s receipt ID for this transaction. Please retain it for your records so that you will be able to reference this transaction for customer service.
View the details of this transaction
PayPal Shopping Cart Contents
Item Name: | Post Man Pat, PC Selby Car & Figure |
Item Number: | 400301809020 |
Quantity: | 1 |
Total: | 060.70 GBP |
Cart Subtotal: | 060.70 GBP |
Postage: | 14.25 GBP |
VAT: | |
Cart Total: | 060.70 GBP |
Payment Details
Total amount: | 060.70 GBP |
Currency: | British Pounds |
Transaction ID: | 7HD151924J961211N |
Postage and packaging: | 14.25 GBP |
Postal insurance: | 0.00 GBP |
Buyer: | Kathryn Watts |
Buyer’s User ID: | kate3282 |
Have you lifted your withdrawal and receiving limits? Just log in to your PayPal account and click View Limits on the Account Overview page.
Yours sincerely, PayPal
Copyright S 1999-2012 PayPal. All rights reserved. PayPal (Europe) S.a r.l. et Cie, S.C.A. Societe en Commandite par Actions Registered Office: 5th Floor 22-24 Boulevard Royal L-2449, Luxembourg RCS Luxembourg B 118 349
PayPal Email ID PP345
And looks like:
[Screenshot: PayPal Notification of payment received]
12 May 2021: PP_detalis_726716942049.pdf.exe (485 kb) Current VirusTotal detections: 0/51
This PayPal Notification of payment received is another one of the spoofed icon files that, unless you have “show known file extensions” enabled, will look like a proper PDF file instead of the .exe file it really is, making it much more likely that you will accidentally open it and be infected.
All of these emails use social engineering tricks to persuade you to open the attachments that come with the email. It might be a message saying “look at this picture of me I took last night” that appears to come from a friend, or something more targeted at somebody who regularly receives PDF attachments, Word .doc attachments or any other common file that you use every day. Be very careful when unzipping them, make sure you have “show known file extensions” enabled, and then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.
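The check described above can also be automated at a mail gateway or on a saved message. The following Python sketch is an added example, not code from the original post: it flags attachments, and files inside zip attachments, whose last extension is executable while the one before it looks like a document. The extension lists, the sample message and the names `is_deceptive_name`, `scan_message` and `build_sample` are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension lists for this example; adjust to local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def is_deceptive_name(name):
    """True if the final extension is executable and the one before it is a document type."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Normalise case and stray whitespace in each extension before comparing.
    exts = ["." + p.strip().lower() for p in base.split(".")[1:]]
    return len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DECOY_EXTS


def scan_message(raw):
    """Return attachment names, and zip member names, that use a double extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_deceptive_name(name):
            hits.append(name)
        elif name.lower().endswith(".zip"):
            try:
                data = part.get_payload(decode=True)
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    hits += [f"{name}!{m}" for m in zf.namelist() if is_deceptive_name(m)]
            except zipfile.BadZipFile:
                hits.append(f"{name} (unreadable archive)")  # flag for manual review
    return hits


def build_sample():
    """Constructed message: a zip holding a .pdf.exe member plus a plain PDF attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("PP_detalis_726716942049.pdf.exe", b"placeholder, not a real binary")
        zf.writestr("readme.txt", b"placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Notification of payment received"
    msg["From"], msg["To"] = "sender@example.test", "recipient@example.test"
    msg.set_content("Constructed body text.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="sample.zip")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application", subtype="pdf", filename="receipt.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A name-based check like this only catches the double-extension disguise; it says nothing about a file that is malicious under an honest extension.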