We use your sign-up to provide content in ways you’ve consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. More info
PayPal users have been put on red alert about a new scam email spotted by security experts. The email at first glance looks innocuous enough, saying a PayPal user has been contacted so a live chat session can be set up. The body of the email looks convincing with links in the email leading to the official PayPal website to make the message seem more authentic.
A ‘Help & Contact’ link and – ironically – a ‘Learn to identify Phishing’ link in the email all lead to real PayPal pages.
This might be enough to trick a PayPal user into agreeing to an alleged live chat session.
And that’s when a lot of the red flags start to emerge.
As highlighted in a post by anti-phishing solutions provider Cofense, automated scripts on the alleged live chat will ask PayPal users a series of questions that get increasingly more intrusive.
Android unveils new security and privacy features for users
It will begin by asking for an email and address, then a phone number and finally – which is of most concern – credit card information.
An alleged verification code is then sent to the mobile number the PayPal user provided and the threat actor may even attempt to call the targeted victim.
But this is all part of a complex phishing attempt designed to steal sensitive information from a victim.
Speaking about the threat, Cofense said: “This attack demonstrates the complexity of phishing attacks that go beyond the typical ‘Forms’ page or spoofed login. In this case, a carefully crafted email appears to be legitimate until a recipient dives into the headers and links, which is something your average user will most likely not do.”
Thankfully though, there are a number of red flags that PayPal users need to look out for when trying to see if a message or website they’re looking at is authentic.
Firstly, while this latest phishing scam adopts some complex methods to steal user info – there is one tell-tale sign all is not what it seems.
That’s because the email address the message was sent from is not associated with legitimate PayPal emails.
Not only that, but if anyone misses this and heads to the alleged live chat site then the URL is a big giveaway.
Not only does the alleged live chat site not a real PayPal URL, but the web page address is not even remotely linked to the PayPal name.
Source: Read Full Article