PayPal is the payment service that has gained huge popularity and rightfully so – it’s secure, it’s easy to use, it allows you to buy pretty much whatever you want without leaving your house… The list could go on and on. Unfortunately, cybercriminals know about it too. So they try to attack it all the time and also create various phishing scams that’re designed to make you part with your money. PayPal is very often tied to a bank account or a credit card, so you risk losing thousands of dollars if you’re not careful.
The scam that we’re going to tell you about this time was discovered by security researchers from ESET and is extremely sophisticated – it looks just like the messages sent by PayPal, complete with their logo and a fine print. You’re informed about your account experiencing certain problems and told that you need to fix them immediately. A “Log in” button is provided for your convenience, and clicking on it opens the webpage that offers you to fix whatever’s wrong. It’s not paypal.com, mind you, but it still looks like the site that can be trusted – after all, it even has the lock icon in the address bar, which is a sign of the page being secure. You’re then asked to fill out the form, which includes home address, phone number, and other personal information. All of this, of course, gets stolen by con artists and then you lose a sufficient amount of money from your account, if not all of it.
You have to give credit where it’s due – people behind this phishing attack have really put a lot of work in it. However, there’re some mistakes that were made by them. And we’re here to tell you about those.
The certification field says “secured and certificate by”. Phone number field tells you to “use for fraud alert”. Mother’s maiden name is needed “for security reason”. Financial institutions rarely make grammatical mistakes, and PayPal is certainly not about to start now. Seeing those things is pretty much enough to realize that you’re being lied to.
But let’s not stop here, shall we? The email is not sent from paypal.com, which, again, is enough to let you know that you shouldn’t open any links and shouldn’t believe in what you’re told. To top it off, there’s a grammatical mistake here as well – “we’ve place a limitation on your account.” A company like PayPal, which values its reputation, will just not send out messages without checking them for errors first. That’s why you can delete this one without second thought – your account is alright and will remain that way.
It should also be noted that PayPal cares about the safety of its users and, quoting the company spokesperson, “proactively works with law enforcement agencies, industry partners and uses our own systems to protect customers against fraud.” Another quote – “We also ask that customers remain vigilant to protect themselves against criminals illegally gaining access to account credentials.” So don’t worry – you’re being looked after.
You now know that you must avoid emails that come from dubious addresses, and you also have to read them carefully. If they contain grammatical mistakes, delete them. If they say that they were sent by PayPal, but actually have a different address, delete them. And if you want to be completely sure that nothing is wrong with your account, sign in to it from a different tab, without opening any links in the email. If it has any problems, you’re going to be informed about them. Until then, don’t waste your time worrying – your finances are protected and they won’t be stolen by anyone, unless you let them to. And if you won’t click on any suspicious links and won’t give away your personal information, everything will be alright.