Recently, Gmail users were targeted with a phishing scam, and now it is PayPal’s turn. As one of the most used online payment systems in the world, PayPal is a perfect target for cybercriminals. ESET, a cybersecurity firm, has discovered a phishing scam targeting PayPal users to steal their login credentials.
In this scam, cybercriminals send fake emails that trick users into believing their PayPal account has been limited due to “some unusual activity”, which can supposedly be resolved only by contacting the official PayPal through the link embedded in the email. However, the bad grammar and syntax used in the email are enough to reveal that it was sent by crooks, not the PayPal security team.
After clicking on the login tab and entering their PayPal email and password in the login fields, users are taken to a website that has nothing to do with PayPal. It nevertheless displays an official-looking PayPal warning page explaining how their account was put on restriction and instructing them to click on the “Continue” tab in order to claim their account back.
This means the scammers are after more than just your PayPal account. This is where the scam launches its final attack: it takes users to another official-looking PayPal page that asks for their full address, city, state, zip/postal code, country, phone number, mother’s maiden name, date of birth and social security number (SSN).
Since PayPal never asks users for their SSN, this request is another sign by which unsuspecting users can identify the scam. The reason cybercriminals are after users’ family and financial details could be to conduct a large-scale identity scam using their credentials or to carry out another scam on another network.
Although this scam uses a fake email to steal PayPal logins, twice in the past scammers have used government emails for similar scams. There are also several other scams currently targeting PayPal users, including the “confirm new security question” scam, the “suspicious activity” scam, the “payment made without permission” scam and the “changes to legal agreement” scam.
If you have an account with PayPal, it is advisable to log in to your PayPal account by entering the web address into your browser’s address bar or via an official PayPal app. The PayPal website has a verified green signature as shown in the screenshot below:
PayPal users are also often hit by smishing scams, in which cybercriminals send phishing links in text messages. Either way, to protect yourself from such scams, never download any file or click any link sent by an unknown sender. Also check Hackread’s exclusive report explaining how to identify phishing scams and protect yourself from them.