Criminals are using scam emails that purport to be from PayPal to steal money from unsuspecting victims. According to police reporting service Action Fraud, there has been a glut of scam PayPal emails since the 1st February 2013 which aim to lure people into passing over their details. One victim recently went public with her experience, explaining how an email that seemed to come from PayPal asked her to change her password. She then lost £1500 from her bank account, after filling in a form at the Criminal’s website, not PayPal.
Victim of new ‘phishing’ PayPal scam speaks out
PayPal says that their emails always address customers by their first and last names rather than “Hello” or “Dear PayPal Member”. Also if you do get an email from PayPal asking you to do something then go directly to the PayPal website and log in there.
Here are some tips for spotting fake emails:
10 ways to recognize fake paypal scams and (spoof) emails
- Generic greetings. Many spoof emails begin with a general greeting, such as: “Dear PayPal member.” If you do not see your first and last name, be suspicious and do not click on any links or button.
- A fake sender’s address. A spoof email may include a forged email address in the “From” field. This field is easily altered.
- A false sense of urgency. Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don’t update it ASAP. They may also state that an unauthorized transaction has recently occurred on your account, or claim PayPal is updating its accounts and needs information fast.
- Fake links. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. A fraudulent link is dangerous. If you click on one, it could:
- Direct you to a spoof website that tries to collect your personal data.
- Install spyware on your system. Spyware is an application that can enable a hacker to monitor your actions and steal any passwords or credit card numbers you type online.
- Cause you to download a virus that could disable your computer.
- Emails that appear to be websites. Some emails will look like a website in order to get you to enter personal information. PayPal never asks for personal information in an email.
- Deceptive URLs. Only enter your PayPal password on PayPal pages. These begin with https://www.paypal.com/
- If you see an @ sign in the middle of a URL, there’s a good chance this is a spoof. Legitimate companies use a domain name (e.g. https://www.company.com).
- Even if a URL contains the word “PayPal,” it may not be a PayPal site. Examples of deceptive URLs include: www.paypalsecure.com, www.paypa1.com, www.secure-paypal.com, and www.paypalnet.com.
- Always log in to PayPal by opening a new web browser and typing in the following: https://www.paypal.com/
- Never log in to PayPal from a link in an email message.
- Misspellings and bad grammar. Spoof emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes also help fraudsters avoid spam filters.
- Unsafe sites. The term “https” should always precede any website address where you enter personal information. The “s” stands for secure. If you don’t see “https,” you’re not in a secure web session, and you should not enter data.
- Pop-up boxes. PayPal will never use a pop-up box in an email as pop-ups are not secure.
- Attachments. Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment. It could cause you to download spyware or a virus. PayPal will never email you an attachment or a software update to install on your computer.
Get one third off your web and email hosting
If you have received any suspicious, forward them to spoof@paypal.com – more information here: Report a security problem to PayPal.
Update: We have also recently heard of a new quite sophisticated phishing scam involving a letter sent to a Halifax bank customer.U using official letter-headed mailings, and bearing the correct online user name. The letter stated that the customer needed to renew her online permissions by setting a new password. See more information here: Have you received this letter from your bank? You could be the target of the latest phishing scam
Please get in touch if you have any concerns about this and other security issues. Visit these pages to find out more about our services: web design, web hosting, SEO or email marketing – submit our enquiry form or visit our web design Rugby home page. See our blog page for the latest news.
