Scammers use the bait: ‘How To Restore Your Account’
Fishing ain’t what it used to be
PayPal is often targeted by criminals simply because it’s a financial platform. Scammers and phishermen target it because of its popularity; if a PayPal-related scam-mail is received, chances are that anyone with any disposable cash will have an account. And so, the recipient will probably have a vested (financial) interest in opening the mail; this is the bait – this is modern phishing – a little different from the days of the Waltons.
This particular campaign informs a user that their PayPal account has been limited, and that this is to ensure that ‘no unauthorized activity is don with your account’. The e-mail goes on to give instructions to lift these sanctions by opening an attachment and then providing ‘accurate information’ on the verification form.
If you rise to the bait…
If the bait is swallowed and the user clicks on the attachment, they are then taken to a fake PayPal site. This has a reproduction of the PP logo, and may fool some folks, especially if being viewed quickly on a mobile device. The page contains a form asking for personal details, as well as credit card number – everything needed for the criminals to make a transaction on the user’s behalf – and the user’s social security number. When all details are completed, clicking the ‘Submit Form’ button will send the victim’s credentials to the crooks, and divert the user to a page on the authentic PayPal ‘site (for veracity). Job done!
How to avoid the phishermen
Remember that PayPal NEVER request sensitive data in such such an unsafe way. To make an account, it is not necessary to provide a social security number (this should NOT be disclosed to ANYONE online apart from the IRS). PayPal and any legitimate ‘site would not send a link as an e-mail attachment. If it was really necessary to make account changes, a company may perhaps inform you, though requesting that you visit the site and log in using your existing ID.
Last – but by no means least – even though the system is automated, PayPal still has the courtesy to address its customers by name – not ‘Valued Customer’.
Don’t get caught!