Around 200 million people have a PayPal account. It’s been one of the most popular online payment services for years, which is why it’s such a popular target for phishing scams. Since PayPal accounts are tied to your credit card or bank account, they’re particularly prized by cybercriminals.
Security experts at ESET recently discovered a new PayPal phishing scam that they say is particularly sophisticated. The emails these fraudsters are sending out are convincingly written and feature the PayPal logo, and there’s even a bit of fine print at the bottom for added effect.
According to the message, there’s a problem with your PayPal account and you need to log in immediately to correct it. Click the “log in” button in the message, and you’ll be taken to a website where you can “fix” the problem. It’s not PayPal’s website, of course. But if all you’re looking for is the lock icon that accompanies a secure site, you’ll see it: ESET notes that the phishing form is transmitted over an HTTPS link.
Keen-eyed users will spot the suspicious domain name right away in their browser’s address bar. It’s not hard to see how less savvy folks could be fooled by the form, though. The color scheme follows PayPal’s, the official logo is on the page, and it’s “stamped” as 100% secure and verified by Symantec.
How To Avoid Being Scammed
The scammers behind this PayPal phishing attack have put in a lot of effort, but they’ve also made plenty of mistakes. Spotting those slip-ups is the key to staying safe.