Body
Date and Time First Identified
- January 7, 2025 at approximately 1:45pm
Phishing Method
- Email claiming to be from Quickbooks indicating an odd transaction on a PayPal account.
- The sender's email signature (display name/email address) matches a known brand ('Intuit'), but the sender domain does not match any domains found in body links.
- The email content is unusual because the message body contains a link to a shortened URL, a common pattern when attackers link to malicious websites.
- The email body contains language that may be trying to steal money and/or personal information.
- The email may be a bitcoin extortion attempt, as the message body contains language that's commonly found in bitcoin extortion attacks.
- The phone number given for PayPal support does not match the number you find when looking up PayPal online
User Response
- Mark the message as spam or junk
- Block the sender (so you don’t get another message like this)
- Do not reply to the message.
- Do not click on any links or attachments
- Forward the message to phishing@dartmouth.edu
Sample Unformatted Email
Subject: Thank you for your order
We have discovered an odd transaction on your PayPal account using Bitcoin (0.013 BTC) for $549.00 USD. On **January 7, 2025**, this activity was started from an unknown IP address. This payment has been temporarily halted as a security measure.
### Immediate Action Required:
If you did not authorize this transaction, please contact us immediately to stop any further activity on your account.
### Contact PayPal Customer Support:
📞 +1(802)203 2074(Toll-Free, Available 24/7)
To examine the transaction details, click "REVIEW NOW."
**Transaction Details:**
**Invoice Number:** BTC345678GHJ
**Amount Charged:** $549.00
**Item:** Bitcoin (0.013 BTC)
**Date of Transaction:** **January 7, 2025**
### Steps to Take:
1. **Verify or Dispute:**
Get in touch with our support team at 📞 +1(808)808 2502 for help resolving this issue.
2. **Secure Your Account:**
Log in to your PayPal account and follow the instructions to verify your identity and enhance your account's security.
3. **Complete the Transaction:**
If this payment is legitimate, no additional steps are necessary.
**Our First Concern Is Your Security:**
PayPal is still totally dedicated to safeguarding your financial and personal data. Please be aware that PayPal will never email you for your password, PIN, or financial information. Always connect into your PayPal account directly to confirm any unclear communications.
**Important Note:**
This is an automated notification. Do not respond to this email.
If you observe any suspicious activity, please contact us immediately to safeguard your account.
Sincerely,
𝓢𝓮𝓬𝓾𝓻𝓲𝓽𝔂 𝓣𝓮𝓪𝓶