Phishing Attack on PayPal Italy

We are monitoring a phishing attack directed at the customers of PayPal Italy. The email is very long and explains to the reader why it is important to click on the link and answer the survey. As usual for this kind of email, the subject specifies that the user is required to take action immediately.

Another interesting fact about this phishing attack is that the email appears to be sent from paypal.lt (Lithuania). Checking the paypal.lt domain in a browser, we are redirected to the paypal.com website and then to the final target http://www-paypal-deutschland.de. These guys from PayPal seem to never learn anything from experience. As long as you have more than one domain for a business, you create confusion and practically invite fraudsters to take advantage of it.

The fake PayPal website looks different from the real paypal.it website (on paypal.it/ricarica), which might be because the screenshot was taken at a different point in time.

We would like to remind our readers never to click on links in (unexpected) emails. If you have to visit a webshop or the website of a financial institution, please make sure you type the URL by hand instead of clicking links in some email!

Sorin Mustaca
Data Security Expert