PayPal users have always been major targets of hackers, and if you use the online banking system, you have probably encountered a phishing attempt before. They range from elaborate and convincing to completely obvious, yet some users still fall for them. A new phishing attempt targeting PayPal users has been noticed, and while it’s not the most elaborate one, it still looks pretty convincing. Continue reading for details.
Users get an email, seemingly from PayPal, informing them that their account has been accessed from an unknown device, which would, of course, immediately alarm anyone. The email also contains a “Check It Here” button, which leads to scam websites pretending to be PayPal. For future reference, if you check who sent the email, it might say PayPal or show a legitimate-looking email address, but inspect it carefully for mistakes. For example, ‘rn’ might be used instead of ‘m’. Search for the email address with a search engine, and compare it against official PayPal email addresses.
If you click on the provided button, you are taken to a phishing website that looks identical to PayPal at first sight. You are asked to provide your email address and password, and if you do, you are giving away your credentials to scammers. After you ‘log in’, you are shown a message explaining that unusual activity was detected in your account and that your account has therefore been limited. If you proceed further by pressing the provided link, you are asked to enter your personal information, including name, date of birth, address, etc.
After you provide your personal information, you will be asked to type in your card payment data, including card holder name, card number and expiration date, as well as the CVC (the 3 or 4 digits on the back of the card). If you proceed further, you are asked to provide your banking information, such as account number and bank name.
If you put in all the required data, whether it is legitimate or not, you will be shown a message thanking you for taking the time to restore your account. Now all that data is in the hands of criminals. Bear in mind that you could have put complete nonsense in every field and it still would have been accepted.
If you now realize that you have fallen for this or any other phishing attempt, go to your account directly and change all your login details, including the email you have connected to your account. If you have provided your card and bank details, contact your bank, who will help you secure your account.
How to spot a phishing attempt
If done correctly, phishing scams can seem very convincing, but there are a few things that can give you a clue about whether an email is legitimate.
These kinds of phishing emails usually end up in the spam folder but that does not really mean anything as a lot of legitimate emails might be forwarded there by mistake. However, if you retrieve it from there, you need to be extra careful about its contents.
A huge clue is the greeting used. If you are a customer, whether it is for PayPal or any other company, you will always be addressed by name, whatever you have provided them with when signing up, not ‘user’, ‘member’ or ‘customer’. If your name is not used, it is likely a spam email and you should no longer be concerned with it.
Again, whether it is a PayPal email or the sender is someone else, you will never be asked to provide your personal or financial information, so if the email is asking for it, simply delete the email. You will also never be asked to download a document/program attached to an email. The website you are redirected to by the email can also be a big clue. Check the URL carefully and see if the connection is secure. Most, if not all, legitimate company websites have a secure connection.
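The two manual checks described in this article, inspecting the sender address for lookalike characters such as ‘rn’ for ‘m’ and checking the URL behind the button, can be automated. The following is an added example, not code from PayPal or from the campaign; the allow-list, the extra lookalike pairs beyond ‘rn’/‘m’, and all sample addresses are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: allow-list of the brand's real domains, maintained by the reader.
TRUSTED = {"paypal.com"}
# Character sequences that imitate another letter ("rn" reads as "m").
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(host):
    """Collapse lookalike sequences so imitations compare equal to the original."""
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def classify_host(host):
    """Return 'trusted', 'lookalike' or 'unrelated' for a host name."""
    host = (host or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    skel = skeleton(host)
    for d in TRUSTED:
        brand = skeleton(d).split(".")[0]
        # Brand name appears (after de-obfuscation) in a host we do not trust.
        if brand in skel:
            return "lookalike"
    return "unrelated"


def classify_sender(from_header):
    """Judge the address domain only; the display name is free text."""
    _, addr = parseaddr(from_header)
    return classify_host(addr.rpartition("@")[2])


def classify_link(url):
    """Return (verdict, uses_https) for the link behind a button."""
    parts = urlsplit(url)
    return classify_host(parts.hostname), parts.scheme == "https"


if __name__ == "__main__":
    # Constructed samples, not taken from the campaign described above.
    for header in ['"PayPal" <service@paypal.com>',
                   '"PayPal" <service@paypa1.com>',
                   '"PayPal" <alerts@mail-paypal.example>']:
        print(header, "->", classify_sender(header))
    print(classify_link("https://paypal.com.login.example/check"))
```

A ‘lookalike’ link served over HTTPS is still a phishing link: the secure-connection flag only says the connection is encrypted, not who is on the other end.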
If you are ever in doubt about the legitimacy of an email related to your account somewhere, just go to it directly. For example, if you get a PayPal email and you think it could be a phishing attempt, take note of the contents and go to your account directly, not via email. If, when you log in, you get the same warnings as in the email, it is real. However, if you find no indication that your account has been compromised, as the email claims, you likely just avoided giving away your banking information to crooks.