Phishing Example: PayPal - We need your help

March 22, 2016

What makes this a Phishing message?

  • The email address of the sender is not from PayPal (Access@up.com).
  • The grammar in the message is very poor, which is always a strong indicator of a fraudulent message.
  • The "Update your information" button goes to a nefarious website (treebeard.mschosting.com).


Original Message:

Subject: Your account has been Iimited untiI we hear from you
From: Customer service <Acces@up.com>
Date: 3/22/2016 4:14 PM
To: xxxx@berkeley.edu

Warning:  The links and email addresses included in these messages are from real-life examples, do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

Report suspected phishing emails to consult@berkeley.edu.  Be sure to include the entire text of the message, including the email header.