Are There Gremlins in That PayPal Email?

What's Hot

Do This or Your iPhone Bill May SkyrocketSave

23 Upgrades Under $50 to Make Your House Look AwesomeAround The House

Trump Worth $10 Billion Less Than If He’d Simply Invested in Index FundsBusiness

11 Places in the World Where You Can Afford to Retire in StyleMore

What You Need to Know for 2017 Obamacare EnrollmentFamily

8 Things Rich People Buy That Make Them Look DumbAround The House

32 of the Highest-Paid American SpeakersMake

Amazon Prime No Longer Pledges Free 2-Day Shipping on All ItemsMore

More Caffeine Means Less Dementia for WomenFamily

9 Tips to Ensure You’ll Have Enough to RetireFamily

30 Awesome Things to Do in RetirementCollege

5 Spots Where Retirees Can Live for Less Than $40,000Real Estate

10 Ways to Reduce Your Homeowner’s Insurance RatesFamily

10 Ways to Pull Together the Down Payment for a HomeCredit & Debt

Chew on This: The Story Behind Your Hershey’s Halloween TreatsBusiness

Pause before entering your credentials! Cybercriminals have made it almost impossible for a casual observer to distinguish phishing emails from the real PayPal messages.

The post comes from Fahmida Y. Rashid at partner site

Faked PayPal email notifications directing recipients to malicious websites aren’t new. But cybercriminals are getting a lot better at executing them.

That’s shown by the discovery of a current phishing campaign designed to lure victims to click to a pair of very well-designed but faked PayPal websites.

The finding comes from researchers at OpenDNS, a free, ad-sponsored service for making faster, more secure website connections.

The fraudulent PayPal websites are virtually indistinguishable from the real, down to the images used on the login screen, the color palette, and the HTML code used in the page’s layout, the researchers found.

The faked sites were registered through a popular web hosting service and designed using the service’s extensive site-building tools, resulting in a professional and realistic-looking site. “An untrained observer might not notice and actually follow through with entering credentials,” OpenDNS researchers wrote.

More believable domain names

Even the domain names were selected to confuse victims. The phishers used site names such as “” and “” One forged domain, “,” was a “perfect clone of the legitimate site,” the researchers said.

Phishing refers to how attackers lure victims into handing over sensitive information such as user names, passwords and financial information. For the most part, phishing attacks begin with an email that appears to be from a legitimate source, whether it’s a person or a business, asking for specific pieces of information. This latest phishing campaign began with fake emails masquerading as official communications from

Check Out Our Hottest Deals!

We're always adding new deals and coupons that'll save you big bucks. See the deals to the right and hundreds more in our Deals section.

Click here to explore 1,705 more deals!