PayPal Users Hit with Account Limited Phishing Scam

Recently, Gmail users were targeted with a phishing scam, and now it’s time for PayPal since it is undoubtedly one of the most used online payment systems in the world making it a perfect target for cyber criminals. Eset, a cyber security firm, has discovered a phishing scam targeting PayPal users to steal their login credentials.

In this scam, cybercriminals are sending fake emails tricking users into believing that their account has been limited due to “some unusual activity” which can be resolved only through contacting the official by clicking on the link embedded in the email. However, the bad grammar and syntax used in the email are enough to expose that the email was sent by crooks, not the security team.

Screenshot of the fake email
READ  Anonymous Hacks European Space Agency Domains

Upon clicking on the login tab and filling the login bars with their email and passwords users are taken on a website which has nothing to do with PayPal yet an official looking PayPal warning page is displayed explaining to users how their account was put on restriction and instructing them that in order to claim their account back they need to click on the “Continue” tab.

This means the scammers are not only after your PayPal but something more. This is where the scam initiates its final attack by taking users on to another official PayPal looking page and asks for their full address, city, state, zip/postal code, country, phone number, mother’s maiden name, date of birth and social security number (SSN).

Since it never asks users for their SSN number this is another example how unsuspecting users should identify a scam. The reason cyber criminals are after user’s family and financial details could be to conduct a large-scale identity scam using their credentials or to carry another scam on another network.

Although this scam uses a fake email to steal login, it is indeed a fact that twice in the past scammers used government emails for similar scams. Also, currently there are several other scams targeting users including “Confirm new security question scam, suspicious activity scam, payment made without permission scam and changes to legal agreement scam.

READ  iPhone apps can access cameras to secretly

If you have an account on PayPal, it is advisable to log in to your PayPal account by entering the web address into your browser’s address bar or via an official PayPal app. The PayPal website has a verified green signature as shown in the screenshot below:

Always login from PayPal’s official website

PayPal users are also often hit by smishing scams where cyber criminals send phishing links in text messages. Either way, to protect yourself from such scams never download any file or click any link sent by an unknown sender and check Hackread’s exclusive report explaining how one can identify and protect themselves from phishing scams.

READ  Amazon pumps RS. 2,900 CR In India Marketplace