Phishing scams are becoming more sophisticated than ever before, from social media platforms to financial services companies.
The Phishers’ Favourites Report of Q4 for 2019, US e-mail security specialists, Vade Secure, highlighted the 25 most impersonated brands in phishing attacks around the world – and you might be surprised to learn that are some of the most recognised names around.
It clearly shows how PayPal and some of the world’s most popular social media platforms, such as WhatsApp, are some of the most popular platforms to be targeted. In this article, we are will explain some of the risks so you and your team can prepare and protect your business.
How not to be caught by PayPal phishing scams
First things first, you need to understand the threat. Phishing is a fraudulent attempt to obtain sensitive data, either personal or within your business (such as credit or bank card details, usernames and passwords) by using e-mails specifically designed to appear like they been sent from a legitimate source, such as PayPal.
Though email is the most popular form of phishing it is also often done via text or instant messaging. Once you have clicked on a link you will be asked to enter details on a website that look remarkably similar to what they claim to be, such as PayPal.
Why PayPal is the most popular target for phishing
Last year, on an average day, Paypal had threats coming from 124 unique URLs, making it the most popular target for phishing scams. PayPal’s popular with the phishing community because it has nearly 300 million active users, many with small to medium-sized companies making them a popular target.
A recent PayPal phishing e-mail informs you that there has been a ‘New login from unknown device’ on your account, and your service will be limited until you log in and confirm that is was you.
How to tell genuine PayPal communications from the fake
The problem is that certain platforms do contact you when an unknown device has been used with your log in.
How to spot the PayPal phishing scam e-mail
While the real messages and the phishing scams might look alike if you study the way it’s written, it is possible to differentiate the two. Here four ways you can spot a scam email.
Proper nouns and brand names
If you see the word ‘chrome’ but with a lower case ‘c.’ – this could mean its a scam. Chrome should be capitalised as it’s a proper noun. Whatsmore, it is normally spelt out in full as in ‘Google Chrome.’ This could be a sign that the writer is not a native English speaker, and it is a scam.
If you read a paragraph and it feels that parts are repeated, such as ‘you account’ written close together, this also could be a telltale sign. Also, think of it doesn’t sound very natural when you are reading it. A real email from Paypal will be carefully written without any repetition.
Login or log in
The misuse of ‘log in’ and ‘login’ is another obvious one. They have different meanings and usage. ‘Login’ is a noun which is used in when talking about a username and password (i.e. ‘Enter your login details’).
However ‘Log in’ is a verb which is talking about the process of ‘logging in’ (i.e. ‘Please log in to your account’).
Unusual or suspicious e-mail address or URLs
If you catch sight of an unusual email address or links to strange websites it is almost certainly a phishing email.
Don’t click on any links on the page, but try to return to the websites home page to see if it is a real website. If it redirects you to a blank page, it’s certainly not Paypal.
Where the PayPal phishing scam e-mails take you
If you click on a link phishing link sent to you, you will likely be re-directed to a website that looks similar to the PayPal site.
They may even add a captcha function to appear more sophisticated (such as ‘Click on all the photos that include a car’).
Also, the web address might come with a green padlock next to it, which many people think means it is a legitimate site. However, this symbol only signifies that the site has an SSL certificate, meaning the information shared between your computer and the website is encrypted.
Taking the PayPal phishing scams to the next level
Once the phishing websites ask you for your details, and they have been handed over, most scams stop there because they have achieved their goal – however, this might just be the start.
You may even see a series of screens asking you to confirm other personal details, including billing address, payment card details etc. If you comply with these requests, the problems you are facing have multiplied considerably. Scammers with more advanced information may be able to access bank accounts along with many other aspects of your personal or business security.
Why PayPal phishing scams on social media continue to surge
Most phishing attacks on WhatsApp is the result of a campaign inviting recipients to the so-called Berbagi WhatsApp group, which advertises pornographic content.
Facebook’s popularity for phishing scammers is probably down to the rising numbers of users using the ‘Facebook Login’ when using other websites. If scammers have your Facebook credentials, it’s easy for them to see what apps you’ve authorised via social sign-on—and then attack those accounts. Scammers may then harvest your credentials and try to reuse your passwords with other online services. Try to use different passwords across platforms as it is the first line of defence to these attacks.
How to stay scam-safe
Phishing attacks are evolving rapidly and criminals are becoming ever more sophisticated.
It’s important for you, your team and your business as a whole to stay alert and to be wary of the phishing scams by not clicking on, opening or downloading anything that looks remotely suspicious.
Make sure you stop and check everything properly in order to keep your business, IT infrastructure, IP, data and confidential client information safe and secure.
About Mustard IT, your technology partner
Mustard IT is a trusted team, experienced with the latest technology and able to explain complex issues to you in a language you’ll understand. Contact us today to find out how we can help you.