Fake emails are being sent to PayPal users (and even to people who do not have PayPal accounts) from various possibly spoofed email addresses such as emails ending with @intl-limited.com, claiming their accounts have been limited due to significant changes in account activity or unusual activity on a credit card linked to the PayPal account. To unlock your account, you’re prompted to enter your PayPal login information on a deceptive website.
Do not follow the instructions in the emails. It is a phishing scam! If you have received this email, delete it immediately.
If you try to reactivate your account, you will be redirected into a site which asks for your password. If you provide your account credentials, the scammers will have access to your PayPal account and will be able to steal your money.
Ad
Best International Crypto Exchange - Buy/Sell BTC & other Cryptocurrencies | |
Crypto Betting Platform (CFDs) |
They might also ask you to provide your social security number, address, and phone number.
Several domains are being used to send these fraudulent PayPal emails. Possible email addresses from which the message is sent include:
- service@intl-limited.com
- secure@intI-Iimited.com
- pajero-targetkitanokvu-libiarjossspevltq@rasakitasaji.com
- r59sqbnnzb6@guerrillarailroads.com
Some information regarding these domains (which may or may not have anything to do with this scam):
The domain intl-limited.com was registered via the EuroDNS S.A. registrar on September 19, 2016 for 4 years.
The domain rasakitasaji.com was registered via the Google LLC registrar on December 6, 2019 for 1 year.
The domain guerrillarailroads.com was also registered via the Google LLC registrar on September 18, 2019 for 1 year.
When we plugged the domain intl-limited.com into the web browser, it redirected us through different spammy websites at first. And later just led us to an empty page.
Ad
Best International Crypto Exchange - Buy/Sell BTC & other Cryptocurrencies | |
Crypto Betting Platform (CFDs) |
Visiting rasakitasaji.com returns a “server IP address could not be found” message.
If you try to visit guerrillarailroads.com, Google Chrome shows a Deceptive Site warning and does not allow you to proceed, saying that “Attackers on guerrillarailroads.com may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards).”
Notice how none of the emails from which the message was sent end with @paypal.com, which should be an easy indication that it is a fake email. However, it may be possible for scammers to spoof the email and make it look as if it sent from PayPal.com.
So even if you get this kind of email from a PayPal.com email address, don’t click on any links. Login to your PayPal account at PayPal.com and check if you have any alerts.
And if you are not already using 2FA (two factor authentication), then consider doing so by heading to paypal.com/myaccount/security/twofactor/authentication.
If you have been tricked by this scam, make sure to immediately change your password and check your account for any transactions you haven’t made.
You should also report this to PayPal and to the FBI Internet Crime Complaint Center.