How Hackers Are Exploiting PayPal Phishing Scams During The Coronavirus Pandemic
PayPal is the world’s largest online payment processor. It acts as an intermediary between buyers and sellers. Users can transfer money securely through its digital platform.
It has grown to be a very popular service, with a global client base of 277 million. This success has its downsides. The company is now one of the most targeted for phishing attacks.
PayPal, like most major online financial service providers, uses a variety of security tools such as data encryption and anti-fraud technology to protect users from fraud and stop scams. But criminals looking to exploit this worldwide mass market have devised clever ways to bypass these security measures.
There are many types of PayPal scams. They include phishing emails, spoofed websites, suspicious links and malicious posts on social networks. These scams are disguised as official correspondence and designed to trick as many people as possible into divulging sensitive information.
These scams are constantly changing, so we have listed four of the most common PayPal scams.
The Most Common PayPal Phishing Scams
Scam 1 – Phishing emails – A problem with your account
This is the most popular type of PayPal scam, and it tries to trick people into clicking malicious links. Fraudsters may send you an email informing you of a problem with your account. This could include: “Your account is about to be suspended”, “verify your account” or “suspicious activities have been detected on your account”. These messages are designed to get an immediate response. The link will either infect your device or redirect you to a phishing website, which is set up to steal your information.
Image: PayPal Phishing Email (Source: CSO online).
Scam 2 – Phishing website
Once the fraudsters have convinced you to click a malicious link, they will try to convince you that the page you land on is PayPal’s official site. The page will be made as authentic as possible, and may even look almost identical to the real thing. They will replicate the branding, colors, and wording of the official site and hope users will not question its legitimacy.
Image: Fake PayPal Phishing Website (Source: Cisco).
Scam 3 – Social Media Scams
There has been an increase in scams using PayPal on social media over the past few years. These phishing scams often appear in promoted or shared social media posts. The ultimate goal is to redirect you to a website that will ask you for your personal information. Fraudsters tried a similar scam with Twitter in January. They bought advertising space and claimed to be an official Twitter employee, offering users the chance of entering a sponsored sweepstakes.
Image: Fake PayPal Promotion Twitter (Source: Digital Information World).
Scam 4 – You are a winner
An email may be sent to you confirming that you have won a prize. However, to receive the prize, you will need to pay a small handling charge. If you have won a prize in a competition that you have never entered, this is a red flag. PayPal advised customers that legitimate prizes would not ask for payment and that payments should never be sent to people you don’t know.
Image: Fake prize winner appears (Source: Fix your browser).
How to spot a PayPal Phishing Scam
1. The email address
PayPal.com is the only place that an official PayPal email will come from. Click on the address bar to check the sender’s address. If the email address doesn’t come from the official domain it is likely a fake.
2. A generic greeting
Fake PayPal emails tend to use generic greetings like “Dear Customer” or “Dear User”. If PayPal were sending you an official email, they would address you by either your first and last name or your business name.
3. A sense of urgency
As with all phishing scams, the goal is to convince the user to act fast and not think logically about the request. Emails will frequently warn you that your account must be updated immediately or that suspicious activity was detected on your account. Fraudsters want you to ignore warning signs and take swift action to fix any account problems. PayPal has advised that if there is an urgent matter, you can log into your account via the official website.
4. You are asked to click on attachments or links
Pay attention to any email asking you to download an attachment or click on a link. PayPal will not send you emails that contain attachments or links to software downloads. Although it may appear legitimate, the link will take you to a phishing site that will steal your information or infect your computer with malware. It is possible that the URL does not contain the word “PayPal”, even though it appears to be an official PayPal website. To see the true destination of the link, hover your mouse over it. If you have any doubts about its authenticity, don’t click.
5. Requests for financial or personal information
These scams have one goal: to steal your personal information or con you out of money. Alarm bells should ring if you get an email asking for sensitive information. PayPal will never ask customers to provide their full names, bank account numbers, passwords, or answers to security questions via email.
6. Grammatical and spelling errors
It is often easy to tell if an email has been forged by spelling and grammar errors. Large multinational companies like PayPal will employ copywriters to proofread every piece of correspondence. Customers will not receive emails that contain spelling errors.
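The first four checks in the list above (sender domain, generic greeting, urgency wording, link destination) can be run automatically over a raw message. The Python below is an added example, not part of the original article; the phrase lists, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL = "paypal.com"  # the one official sender domain the article names
GENERIC = re.compile(r"\bdear\s+(customer|user)\b", re.I)
URGENT = re.compile(r"immediately|suspended|verify your account|suspicious activit", re.I)

def on_domain(host):
    """True for paypal.com or a subdomain of it, False for look-alikes."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

class Links(HTMLParser):  # collects the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        self.hrefs += [v for k, v in attrs if tag == "a" and k == "href" and v]

def red_flags(raw):
    """Return the article's warning signs found in a single-part HTML email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = []
    addr = parseaddr(msg.get("From", ""))[1]
    if not on_domain(addr.rpartition("@")[2]):
        flags.append("sender-domain")
    if GENERIC.search(body):
        flags.append("generic-greeting")
    if URGENT.search(msg.get("Subject", "") + " " + body):
        flags.append("urgency")
    parser = Links()
    parser.feed(body)
    if any(not on_domain(urlsplit(h).hostname) for h in parser.hrefs):
        flags.append("off-domain-link")
    return flags

# Constructed sample message: every name, address and URL is made up.
SAMPLE = """From: PayPal Support <service@paypal.com.account-check.example>
Subject: Your account is about to be suspended
Content-Type: text/html

<p>Dear Customer, <a href="http://paypal.example.net/login">verify your account</a> immediately.</p>
"""

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A From header can be forged, so an empty result does not prove that a message is genuine.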
Reporting a suspicious PayPal Phishing Email
You can forward any suspicious emails to PayPal, which will then investigate. The company has created a special email address where users can forward suspicious emails. firstname.lastname@example.org is the address. It is best not to alter the subject or send the message as an attachment. You should delete the email immediately after you have forwarded it.