Phishing for Paypal

The Paypal Phishing scam is one of the most prevalent email scams on the web today and the spoof emails often look legitimate, using an email address that seems to match Paypal, using Paypal’s own logo and graphics that match the website.

But How Does It Work?

The trick to the scam is to get an unsuspecting user to click on the link. This link takes the user to a spoof site that may look very close to the real thing. Here the user will be prompted to log in (handing over their Paypal login credentials), and then enter personal data including banking and credit card information. This information will be sold later on the internet black market.

How Can I Tell?

How can you spot the scam? It can be tricky to find the clues, and generally it’s just easier to circumvent the problem entirely. Paypal won’t write you an email entitled ‘dear member’ or ‘dear customer’ – the company uses your real name or company name. They also won’t use a variant URL although this can be tricky to spot.  Instead, there are appropriate steps to take if you do think you are receiving a scam email.

What Should I do?

1) Don’t click on the link. This will take you to a spoof site. Instead, if you wish to log into your Paypal account, go to your web browser and type in the Paypal URL by hand.

2) Don’t download any attachments or programs. This goes for virtually any unfamiliar email attachment, but especially Paypal: the company will not send you these things.

3) Go to Paypal’s website and search help for ‘scam’ where the company will provide you with an email to forward to Paypal so they can follow up on who’s putting out that particular scam.

4) If you think your info has been stolen or you find suspicious activity on your account, there are steps to take as quickly as possible, to minimize the damage done.  Paypal has set up a Security Guide on the steps to take to combat fraud, if you believe you have been a victim.

Update 2/24/2015

Google has been sending out emails making reference to Google Play Phishing. This is exactly the same technique we mention above, but it’s directed toward Google Play Developers, designed to get them to click quickly, without thinking.

Remember, when in doubt, navigate through your browser to the proper website and check things out – do not click on readily supplied email links.