Since the pandemic hit, much more of our life has taken place online and many of us have turned to online shopping. Unfortunately, this has also increased cybercrime, with criminals stepping up their efforts to target online shoppers with phishing attacks.
What is phishing?
Phishing is an illegal attempt to “fish” for your private and sensitive data such as usernames, passwords, and credit card details. Similarly, smishing is when a scammer sends a text to your phone number on any platform with a fake phone number or URL with the same intention. One of the most common phishing and smishing scams involves sending an email or text that fraudulently claims to be from a well-known company, like PayPal. These often link to fake websites (that look real!) where your information can be collected if you type it.
At PayPal we go to great lengths to protect our customers. However, there are precautions we should all take to avoid falling victim to phishing scams. Here are our top ten tips on how to better recognise dubious emails, texts and websites, and keep your personal data protected:
Over the years, the advancement in cybersecurity has forced hackers to upgrade their ways to engage with their targets. Here are few new trends seen in Phishing:
Smishing is when a scammer sends an SMS message to the user’s phone number with a bogus phone number or URL. The message is usually urgent like:
“Your PayPal account has been suspended due to suspicious activity. Please contact us immediately at 0123-4567. It is imperative that we speak to you immediately.”
If you call the number, the user is confirming that they have a PayPal account. Target talks to a fraudster who will ask for account information so they can steal from the account.
Similarly, a URL link in a text message on a smartphone could lead to a fake look-alike website.
Fraudsters sometimes use an automated system to make voice calls, reporting urgent account problems and asking for account information. This is called Vishing (Voice Phishing). Here’s an example of what a vishing call might sound like:
"This is PayPal calling about a possible fraudulent transaction on your account. Please enter your password now to hear the transaction details. We need your immediate response to block this transaction."
When users enter their password, scammers get vital information to access the account.
Even if the Caller ID says “PayPal,” it’s not enough for you to trust the call. Scammers can easily fake a Caller ID, and it’s impossible to be sure the call is coming from where it says it is. When in doubt, do not provide your account information unless you are certain that you are speaking to a PayPal customer service representative, for example, if you initiated the phone call to an authentic PayPal customer service number.
Find out more about how to help us combat fraud by reporting suspicious emails, websites, and texts on our website here.
Remember – the best protection against phishing attacks is to exercise caution and type the URL and keep helpline numbers handy for any questions and assistance. Follow our top ten tips to protect yourself and your data, and don’t get caught out.