A new phishing scam is hitting inboxes and pretending to be from PayPal. Here’s what you need to know:
A phishing email is making the rounds with the subject line “[Urgent] Account Verification Required”, claiming to be from ‘PayPal Support’. This scam email alerts you that there’s been some unusual activity on your account.
What’s the Scam About?
Cybercriminals have put in quite the effort with 23 different phishing links identified by MailGuard. All these links redirect to a fraudulent site, ‘paypallegally[.]com’, which was registered at 1 am AEDT, right before these scam emails started showing up.
The email’s display and sending address, ‘no-replys@paypal-inc[.]com’, looks very similar to legitimate PayPal addresses. This resemblance can easily trick users who don’t scrutinise the details.
How Does It Work?
-
- Clicking the Button: The email contains a ‘Secure my account’ button. Once clicked, it directs users to a fake login page asking for your PayPal credentials.
-
- Entering Login Details: After entering your email and password, you’re then asked to confirm your identity by providing your full name, credit card number, expiration date, and CVV.
-
- SMS Verification: Finally, you’re prompted to enter an SMS verification code, suggesting scammers use previously gathered information to access your PayPal account.
Spot the Red Flags
Despite the scam’s technical sophistication, grammatical errors can tip you off. With nearly 300 million users, especially around holiday shopping time, PayPal is a prime target for cybercriminals.
What to Do if You Receive a Suspicious Email
-
- Avoid clicking links in emails that are not addressed to you by name or contain poor English.
-
- Be wary of unexpected emails from businesses.
-
- Don’t download any files or click on links leading to unfamiliar websites.
Protect Your Business
If your company’s email accounts aren’t protected, these scams are likely reaching your staff. Cybercriminals thrive on mistakes, and without email filtering, it’s just a matter of time before someone clicks on the wrong thing.
Remember, it only takes one cleverly worded email to compromise your business. Protect your team and stay safe!