Published: August 5, 2020 in our Security Fraud News & Alerts Newsletter.
PayPal, one of the world’s most popular platforms for sending, spending, and receiving money, has yet another scam on its hands. This latest phishing con is ongoing and has not yet been addressed by PayPal. Since PayPal’s founding in 1998, many of its users have been caught up in one theft or another thanks to hackers who are after their money. This time, however, the phishing scam goes for broke. These cybercriminals try to get as much of your PII (Personally Identifiable Information) as they can by walking you through pages of forms to fill out. They also try to get you to upload scans of your picture IDs and/or credit cards. It sounds crazy, and it is, but it’s working. So, if you have a PayPal account, know someone who has one, or are thinking of opening one, do yourself (or them) a favor and keep reading.
Like so many online scams, this latest one starts with email phishing tactics. PayPal customers receive an email that appears to come from the company, alerting them that their account has been locked. The supposed reason is that the account was logged into from a new device. Your money and your PII are what these cyber creeps are really after. For all intents and purposes, the email looks like the real deal, but this is when paying close attention to detail pays off. Checking closely, the link in the email has a “bit.ly” address at the end of the URL, a major red flag. Once the link is clicked, users are quickly redirected to a PayPal phishing page. From there, several other pages pop up, all of them asking for different types of PII. The final page, however, asks the user to upload a photo ID or credit card, which is also something new for PayPal phishing attacks.
Waiting for PayPal to go public with this scam could be very costly. But if you didn’t know before, now you do. Not only can your account and its money be stolen in a flash, but your identity is also up for grabs. Following basic anti-phishing tips can help keep you from becoming phish food in the PayPal pond. First, never open spam emails and do not click on any links that may be in them. Typing in the real URL yourself sends you to the legit website, where you can find out if your account has been compromised and if your PII is truly needed. Also, carefully check any URL for spelling errors, as they can be very tricky to spot. Look very carefully. Beware of emails that sound too good to be true or play on your emotions in any way. Using 2FA (two-factor authentication) is an effective way to add a layer of security to logging in. Lastly, keep tabs on your PayPal account…your real account. It’s a great way to catch any unusual or suspicious transactions and report them immediately to PayPal.