PayPal users should beware of a new and convincing phishing email designed by fraudsters to steal valuable information.
Though it follows the same "unusual activity in your account" model for a scam, the email is very realistic. It says that PayPal needs help resolving an issue with your account, so you’re temporarily restricted on what you can do with it.
To resolve the issue, the email says you’ll need to log in to your ‘PayPal’ account to confirm your identity. The message says that your account access will remain limited until you ‘complete the necessary steps’.
It contains a link to ‘review your account’, which takes you to a bogus, albeit genuine-looking, sign-in page.
What makes it convincing
Normally scam emails are littered with spelling and grammatical errors, but this one doesn’t have the same glaring errors.
The design is slick and streamlined too, with no obvious indication the logo is a dud.
How to stay safe
Phishing emails are fairly common, but they are also easy to spot if you keep an eye out for these red flags:
- Look out for generic greetings like ‘Dear user’ or ‘Hello, PayPal member’. PayPal says that it will always address you using both names when it sends you an email;
- Check the domain name of the sender’s email address. If it says anything other than @paypal.com, don't trust it;
- Hover over the hyperlink in the email to see where it really leads; it’s likely to be going to a dodgy address. Just make sure you don’t actually click on it;
- If there’s time pressure on you to act, don't;
- If you’re asked for any sensitive information like your credit card number or PIN, your full name or the answers to your security questions, be extra cautious. PayPal won’t ask you for this information over email.
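The first three checks in the list above (greeting, sender domain, link target) can be automated. The following Python script is an added example, not part of the original article or anything PayPal publishes; the sample message, the `.example` hosts and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # the only sender domain the article says to trust
GENERIC = re.compile(r"\b(dear user|hello,? paypal member)\b", re.I)  # greetings quoted above

class LinkCollector(HTMLParser):  # gathers href targets, i.e. what hovering reveals
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_trusted_domain(host):
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def red_flags(raw_email):
    """Return (kind, detail) pairs; lookalikes such as paypal.com.x.example are flagged."""
    msg = message_from_string(raw_email)
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    if sender.rpartition("@")[2].lower() != TRUSTED:
        flags.append(("sender", sender))
    body = "".join(part.get_payload(decode=True).decode(errors="replace")
                   for part in msg.walk() if not part.is_multipart())
    greeting = GENERIC.search(body)
    if greeting:
        flags.append(("greeting", greeting.group(0)))
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        parts = urlsplit(href)
        if parts.scheme in ("http", "https") and not on_trusted_domain(parts.hostname):
            flags.append(("link", href))
    return flags

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: PayPal <service@paypal.com.accounts.example>
Subject: Unusual activity in your account
Content-Type: text/html

<p>Hello, PayPal member</p><a href="http://paypal.com.review.example/signin">Review your account</a>
"""
print(red_flags(SAMPLE))
```

An empty result does not prove a message is genuine, because the From header can be forged; the script only mirrors the red flags listed above.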
The only emails that will ask you to click a hyperlink are the ones which are asking you to reset your password or confirm an email address. However, you normally set this up yourself through PayPal so you’ll be fully aware of it.
If you receive this email, don’t click on any of the links. Instead, forward it to firstname.lastname@example.org without changing the subject line or forwarding the message as an attachment. Delete the email after you’ve sent it off.