Since the pandemic hit, much more of our life has taken place online and many of us have turned to online shopping. Unfortunately, this has also increased cybercrime, with criminals stepping up their efforts to target online shoppers with phishing attacks.
What is phishing?
Phishing is an illegal attempt to “fish” for your private and sensitive data such as usernames, passwords, and credit card details. Similarly, smishing is when a scammer, with the same intention, sends a text to your phone number on any platform containing a fake phone number or URL. One of the most common phishing and smishing scams involves sending an email or text that fraudulently claims to be from a well-known company, like PayPal. These often link to fake websites (that look real!) where your information can be collected if you type it in.
At PayPal we go to great lengths to protect our customers. However, there are precautions we should all take to avoid falling victim to phishing scams. Here are our top ten tips on how to better recognise dubious emails, texts and websites, and keep your personal data protected:
- Check the basics: Look out for spelling mistakes and grammatical errors, which are a common tell-tale sign of a fraudulent message.
- Verify its authenticity: Phishing scams often mimic the look and feel of PayPal emails or texts and ask you for sensitive information – something that we will never do. At PayPal, we will always address you by the full name on your PayPal account. Remember to always check the recipient email address when replying to emails; in particular, check the domain name to make sure it is a real PayPal domain.
- False sense of urgency? Be wary of communications that conjure a sense of urgency; many phishing scams tell you that your account will be in jeopardy if something critical is not updated right away.
- Spot the difference: A genuine PayPal message will only ever address you by your full name, or your business name – anything that starts differently should immediately raise your suspicions. Be wary of impersonal greetings like “Dear User” or your email address.
- Beware attachments: A real email from PayPal will never include attachments. You should never open an attachment unless you are 100% sure it’s legitimate, because they can contain malicious content such as spyware or viruses.
- Avoid following links: If you receive an email or text you think is suspicious, do not click on any links. When on your desktop, you can check where a link is going before you click on it by hovering over it – does it look legitimate?
- Log into PayPal: If you receive a suspicious email or text claiming to be from PayPal, don’t act on the message, click on any links or call the number it is sent from. Instead, open your browser, log into your PayPal account and check for any new activity. If you are required to take any action – you will have a secure message waiting within your PayPal account.
- Keep tabs on your information: Limit the number of places where you store your payment information online by using a secure digital wallet like PayPal. If you make a purchase online with PayPal and your item doesn’t arrive or match the product description – we may be able to reimburse you through our Buyer Protection.
- Easiest of all, use common sense: If a deal looks too good to be true – it probably is! Steer clear of clicking on links to exceptional offers or anything that is unbelievably discounted from what you would expect to pay.
- Report it: If you think that you’ve received a phishing email, you can forward it to phishing@paypal.com without changing the subject line for our team to investigate.
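As an added illustration of the domain and link checks in the tips above (this is not PayPal code; the allow-list containing only paypal.com and every sample link are constructed assumptions), the following JavaScript resolves the host a link really points to and flags anything outside the trusted domain. It treats non-HTTPS links as untrusted, which is a choice made for this sketch.

```javascript
// Added example. The allow-list is an assumption: paypal.com is the only
// domain named on this page. All sample links below are constructed.
const TRUSTED_DOMAINS = ["paypal.com"];

// Host the browser would actually connect to, or null if the link is not
// an absolute HTTPS URL. The URL parser drops any "user@" prefix.
function linkHost(href) {
  try {
    const u = new URL(href);
    if (u.protocol !== "https:") return null;
    return u.hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return null;
  }
}

// Trusted only if the host IS a trusted domain or a subdomain of one.
// The leading "." stops look-alikes such as fakepaypal.com from matching.
function isTrustedLink(href) {
  const host = linkHost(href);
  if (host === null) return false;
  return TRUSTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
}

// Pull http(s) links out of a message body and trim trailing punctuation.
function extractLinks(text) {
  const found = text.match(/https?:\/\/[^\s<>"')]+/gi) || [];
  return found.map((l) => l.replace(/[.,;:!?]+$/, ""));
}

function suspiciousLinks(message) {
  return extractLinks(message).filter((l) => !isTrustedLink(l));
}

// Constructed sample text message, not a real one.
const SAMPLE_MESSAGE =
  "PayPal: your account is limited. Confirm at " +
  "https://paypal.com.account-check.example/login. " +
  "Help: https://www.paypal.com/help";

console.log(suspiciousLinks(SAMPLE_MESSAGE));
```

A host that merely starts with or contains "paypal.com" fails the check; only the registered domain at the end of the hostname counts.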
Over the years, advances in cybersecurity have forced hackers to upgrade the ways they engage with their targets. Here are a few new trends seen in phishing:
Smishing
Smishing is when a scammer sends an SMS message to the user’s phone number with a bogus phone number or URL. The message is usually urgent, like:
“Your PayPal account has been suspended due to suspicious activity. Please contact us immediately at 0123-4567. It is imperative that we speak to you immediately.”
If the user calls the number, they are confirming that they have a PayPal account. The target then talks to a fraudster who will ask for account information so they can steal from the account.
Similarly, a URL link in a text message on a smartphone could lead to a fake look-alike website.
Vishing
Fraudsters sometimes use an automated system to make voice calls, reporting urgent account problems and asking for account information. This is called Vishing (Voice Phishing). Here’s an example of what a vishing call might sound like:
"This is PayPal calling about a possible fraudulent transaction on your account. Please enter your password now to hear the transaction details. We need your immediate response to block this transaction."
When users enter their password, scammers get vital information to access the account.
Even if the Caller ID says “PayPal,” it’s not enough for you to trust the call. Scammers can easily fake a Caller ID, and it’s impossible to be sure the call is coming from where it says it is. When in doubt, do not provide your account information unless you are certain that you are speaking to a PayPal customer service representative, for example, if you initiated the phone call to an authentic PayPal customer service number.
Find out more about how to help us combat fraud by reporting suspicious emails, websites, and texts on our website.
Remember – the best protection against phishing attacks is to exercise caution, type the URL, and keep helpline numbers handy for any questions and assistance. Follow our top ten tips to protect yourself and your data, and don’t get caught out.