- Oct 23, 2012
- 12,527
When you’re a PayPal user, you’re somewhat used to being extra careful when you receive emails about your balance and whatnot since there have been countless phishing campaigns over the years. Well, now there’s a new one.
This new phishing campaign targeting PayPal users makes use of fake pages that are remarkably well done, which makes them hard to distinguish from real ones. According to ESET researchers, this attack uses a highly convincing bait, takes you through fake websites that look real and pretty much tricks you into revealing your login credentials and other personal information.
The emails people receive include logos, wording that looks just about right at first glance. When you look deeper into the problem, you might notice grammar and syntax errors suggesting the author isn’t a native English speaker.
This new phishing campaign targeting PayPal users makes use of fake pages that are remarkably well done, which makes them hard to distinguish from real ones. According to ESET researchers, this attack uses a highly convincing bait, takes you through fake websites that look real and pretty much tricks you into revealing your login credentials and other personal information.
The emails people receive include logos, wording that looks just about right at first glance. When you look deeper into the problem, you might notice grammar and syntax errors suggesting the author isn’t a native English speaker.
So how this work?
Well, these emails tell you that PayPal needs help resolving an issue with your account and that there are some temporary limitations to the account until the problem is solved. This should make you want to hurry up and fix whatever is causing trouble. The email conveniently includes a “log in” button at the bottom of the page. Click it, and you’ll be taken anywhere but the official page of PayPal.
Sure, the page might look real, but the URL is anything but, indicating that it’s all a hoax. Once there you will have to enter your login credentials which will effectively go out to the scammers. You are then presented with data to back up the “limited account” lies presented in the email.
The next page you’re taken to makes this scam even more dangerous because this is where they try to steal your identity. You have to provide your address, phone number, mother’s maiden name, social security number, date of birth and more. What’s more is that you won’t be able to interact with PayPal until all this data has been provided, so you’re fooled into a sense of urgency to get to the end of the line.
Avoid traps
Such campaigns are quite well crafted, but you should remember that it’s all fake and that you should never ever try to fix an account problem on any service by tapping the buttons you are provided in these emails. Some may be real, but most are probably not. Just open your own PayPal (in this case) page in a different tab, log in there and see if there are any issues to fix in the first place.
For the record, when it comes to PayPal any request for more information to remove limitations for your account come via email and do not contain any link or button as those we’ve seen in this scam. The email will address you by full name, and they’ll contain the data that you need to provide and a full explanation as to why this happens.
Furthermore, when logging into PayPal, you’ll have to upload copies of utility bills, bank statements and so on, not to input your information by hand. Either way, you should make sure, as previously stated, to open your own account page and not to click on links sent in emails or to open attachments in unsolicited emails. Even if you, for some reason, tap on those links, make sure the URL in the address bar is what it’s supposed to be. Most browsers nowadays will flag suspicious pages, but you should look nonetheless in case it has missed detection.