'New login to paypal' email, is this legitimate or a phishing scam?

jer3theo
Contributor
Contributor

I received the email below this morning showing a login from a computer I don't recognize.

 

Is this a legitimate email from paypal?

Is '<removed>' a legitimate Paypal email address?

Thus was someone actually able to successfully login to my account?

 

 

Here is a copy/paste of the email:

 

Hello,  xxxxxx
 
 

 

 
 
 
 
 

 

 
 
 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

New Login to PayPal
We noticed a new login with your PayPal account associated with XXXXX from a device we don't recognize.
 

Desktop Chrome Windows 8 NT 6.2

May 1, 07:05 AM PDT

Louisiana,US

 

If this wasn’t you, please change your password immediately and review your account for unauthorized activity.

Thanks,

PayPal

 

 

 

 

 
 

 

 

 

 

 

 

 

 

 

Help & Contact  |  Security  |  Apps
 
 

 

 

 

 

 

 

 

     
 

PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing

 
 

Please don't reply to this email. To get in touch with us, click Help & Contact.

 
 
 
 
 

Copyright © 1999-2020 PayPal, Inc. All rights reserved. PayPal is located at <removed>

PayPal

Login to Me Too
4 REPLIES 4

flakeycake
Contributor
Contributor

I don't have an answer but received the identical email. It seems real. I changed all my login and added 2 step verification, which I thought I already had on. Did you check your activity settings? 

Login to Me Too

rml8105
Contributor
Contributor
I also had this and replied to another thread here already. Mine had a different sign on location but it looks like quite a few of these emails went out. I also saw no activity on my account so I’m not sure if this is a legit notification, something sent out in error, or a really strong spoof.
Login to Me Too

ncERAmra
New Community Member

I received an email this morning of the exact same format.  Spam/Phishing emails are usually easy to identify but this has me wondering.  First, according to whatever live.com does to check legit addresses, it came through as a safe sender i.e. service"at"paypal.com .  Usually when it is spoofed, it has a malicious "reply to" address and doesn't even make it past the spam folder.  Second, my real name is at the top of the email.  Usually malicious emails will have "Dear customer" or something generic because all an attacker has is the email and not your other account info.  Third, the city/state where the login supposedly came from is somewhere I actually traveled to in the last several months (but did not use paypal).  Fourth, the link leads to an actual paypal.com password reset page.

 

But here is the thing, when logging into paypal directly through their page (not using any links) I get my usual interface, no activity, no warnings, and I could not for the life of me find any way to look at previous login activity.  Seems like something would be there (or should) so people can check for this kind of activity.  Many (most) other services have this, even if it is just a "last login" kind of thing with date/time/location.

 

Adding to the confusion, previous emails from paypal have referred to both my business name and my real name at different times so I cannot tell if this is real, or if it is simply a situation where someone has my name and my email and is using them together for a more sophisticated attack.  Given how many times my personal information has been compromised in security breaches over the last 10 years, I have occasionally been targeted.  But geez I gotta say, for every person out there smart enough to pull of an attack, they can never never ever seem to get grammar or formatting correct and their emails are easy to spot.  As far as this email, I cannot tell.  Other than missing a space after the comma of the city, state location, there are no obvious typos.

 

At cursory glance, it appears to be legit, but without having a way to verify through Paypal directly i.e. no obvious indications or tools  on your account dashboard to audit your security, it should be considered as part of a more sophisticated attack and looked into.  Of course the password change and 2-factor authentication is a good idea.

 

 

Login to Me Too

rml8105
Contributor
Contributor
I got a message back from customer service and they indicated no emails sent or new devices on my account. That was odd since I did get a legit email about a new device when I logged on after the first email (that email was exactly same as the one I got that I didn’t expect other than the location). But perhaps the rep was only referring to the first email when he said that. But given that the “spoof” email was exactly the same as the legit one and since live.com had it verified as a trusted sender it’s sounding like some kind of systems issue on their end. But I will agree that it would be nice if PayPal would put a “recent logins” information tab on the site so we can monitor these things better.
Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.