E-Threats Tips and Tricks

German Customers of PayPal, ING-DiBa Asked by Scammers to Update Accounts

In a brand new phishing campaign targeting Germans, scammers set their eyes on identification data of PayPal and ING customers in Germany.

Germans should therefore take care with the e-mail that seems sent by PayPal or ING asking them to update their accounts for safety reasons. Scammers impersonate customer service representatives of the financial institutions seeking to help secure customers and their private data from ever-increasing fraud attempts and impersonations.

The bogus PayPal notification suggests users download the attached form in a “modern browser that has JavaScript enabled (for instance Internet Explorer or Mozilla Firefox).” The form can however be opened in other browsers as well.

In the case of the e-mail impersonating ING Bank, scammers solemnly warn clients of a new “major safety project to secure users’ accounts” due to increasing fraudulent activity.

Unlike the PayPal notice, the fake ING e-mail has no attachment, but includes a link in the body of the message to lead German users to the phishing form.

Most German computer users have seen this type of con before, as scammers hardly ever spice their phishing attacks with novelty. They use popular financial institutions and e-mail taglines by rotation in the hope that some new user will be inattentive or miss the numerous security warnings by security communities and financial institutions alike.

They know they can’t con everybody  and don’t waste time trying to convince people they are legit, but focus on the gullible few.

If users fill in the form, they give crooks pretty much everything they need to access any cash in the compromised accounts, impersonate the victims or use that data in fraud or future spam campaigns.

Tips & tricks to help you stay safe while “handling” your inbox:

             • avoid downloading or open e-mail attachments before scanning them first, even if you see the name and  the logo of the institution you are doing banking with;

            • don’t open just any attachment that promises to offer you financial status or a security upgrade for your account. Such information is always provided to you in person by the bank you are working with;

            • as mobile users, every time you want to access your account, type in manually the URL of the bank or PayPal ;

            • last but not least, install a fully-fledged antivirus on your system and keep all software up-to-date. This will help you

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.