Phishing scams are becoming increasingly sophisticated and affect all types of businesses, from large corporate organisations to small sole traders and independent businesses. Personal devices and accounts are also targeted, through messaging platforms such as WhatsApp. This article describes how to recognise different types of phishing scams and what to be aware of.
1. What Are PayPal Phishing Scams?
Before everything else, you need to understand the threat of a phishing scam. Phishing is a fraudulent attempt to obtain sensitive personal or business data, such as card and bank details, usernames and passwords, by sending emails that are specifically designed to appear to come from a legitimate source. A brand commonly impersonated in these scams is PayPal.
Not only does the email, text or instant message look remarkably similar to a genuine one from the claimed sender, but once you click the link in the message, the website asking you to enter your details will also look remarkably similar to, in this case, PayPal.
A recent and popular PayPal phishing scam consists of an email informing you of a new login from an unknown device. The email prompts you to log in to confirm that it was you, in order to stop the account from being limited.
2. Why Is PayPal A Popular Target For Phishing Scams?
On an average day last year, PayPal was impersonated by around 124 unique phishing URLs, making it the most popular phishing target. This popularity is due to PayPal having nearly 300 million active users, a large percentage of them small to medium-sized companies, which are often the most popular target for phishing scams.
3. How to Spot the PayPal Phishing Scam E-Mail?
While the text of a phishing email might look similar to a message from the genuine sender, studying the way it is written will usually let you tell the two apart. Here are some tell-tale signs of a phishing email.
Proper Nouns and Brand Names
If, for example, you see the word “chrome” spelt with a lower-case “c”, it might indicate a scam email. “Chrome” is a proper noun and should always be capitalised; a genuine message would normally also write it out as “Google Chrome”.
If, while reading a paragraph, you get the feeling that phrases are repeated or garbled, for example “you account” instead of “your account”, or the same phrase appearing twice close together, that can also be a tell-tale sign. A real email from PayPal is carefully written, so if the text does not read naturally, that is a strong indicator it might be a scam.
Login or Log In
The misuse of “log in” and “login” is another obvious indicator of a phishing scam. “Login” is a noun used when talking about a username and password (e.g. “Enter your login details”). “Log in” is a verb used when talking about the process of logging in (e.g. “Please log in to your account”).
Unusual and Suspicious E-Mail Address or URLs
Another way to be almost certain that you have received a phishing email is to check whether the sender address or the links are strange. Hover over a link (without clicking it) to see the address it really points to, and read the domain carefully: a digit in place of a letter (“paypa1.com”), the brand name tucked in as a subdomain of an unrelated site (“paypal.com.secure-login.net”), or a hyphenated variation (“paypal-security.com”) are all common tricks. Whatever you find, never click on any links in the message.
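The following is an added example, not code from the original article or from Astec IT or PayPal, of how the checks just described can be automated: it pulls every link out of an email body, works out which domain each link really goes to, flags the lookalike tricks (digit-for-letter substitution, brand-as-subdomain, hyphenated variants) and reports when the visible link text shows one address while the link goes somewhere else. The same test is then applied to the domain part of a sender address. The list of legitimate PayPal domains, the second-level-suffix set and the sample email body are constructed for the example; a real deployment would use the Public Suffix List and a maintained per-brand domain list.

```python
"""Spotting suspicious links and sender addresses in a suspected phishing email.

Added example for this article, not Astec IT's or PayPal's code. The legitimate-domain
list, the sample HTML body and the sample addresses are constructed for illustration.
"""
import re
from urllib.parse import urlparse

# Domains the brand really uses (assumption: a real checker keeps a per-brand list).
LEGITIMATE_DOMAINS = {"paypal.com", "paypal.co.uk"}

# Characters that attackers swap in because they look alike in many fonts.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "rn": "m", "vv": "w"}

# Second-level suffixes such as "co.uk". A full implementation would consult the
# Public Suffix List; this short set is enough for the demo.
SECOND_LEVEL = {"co", "com", "org", "net", "ac", "gov"}


def registrable_domain(host: str) -> str:
    """'www.paypal.co.uk' -> 'paypal.co.uk', 'paypal.com.evil.net' -> 'evil.net'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in SECOND_LEVEL and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def normalise(label: str) -> str:
    """Undo homoglyph tricks and hyphen padding so 'paypa1-secure' reads 'paypalsecure'."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label.replace("-", "")


def classify_host(host: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a host name."""
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    if reg in LEGITIMATE_DOMAINS:
        return "legitimate"
    reg_label = reg.split(".")[0]
    subdomain_labels = host.split(".")[: -len(reg.split("."))]
    for legit in LEGITIMATE_DOMAINS:
        brand = legit.split(".")[0]
        # paypa1.com, paypal-security-centre.com: brand hidden in the registrable label
        if brand in normalise(reg_label):
            return "lookalike"
        # paypal.com.secure-login.net: brand appears only as a subdomain label
        if any(brand in normalise(label) for label in subdomain_labels):
            return "lookalike"
    return "unrelated"


def classify_sender(address: str) -> str:
    """Apply the same test to the domain part of a From: address."""
    domain = address.rsplit("@", 1)[-1].strip("<> ")
    return classify_host(domain)


ANCHOR_RE = re.compile(r'<a\s[^>]*?href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_LIKE_RE = re.compile(r"(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:/\S*)?")


def audit_links(html: str) -> list[dict]:
    """Report every link: where it really goes, and whether the visible text lies about it."""
    findings = []
    for href, inner in ANCHOR_RE.findall(html):
        text = re.sub(r"<[^>]+>", "", inner).strip()
        href_host = urlparse(href).hostname or ""
        verdict = classify_host(href_host) if href_host else "unrelated"
        shown = URL_LIKE_RE.fullmatch(text)
        # Visible text looks like a URL but its domain differs from the real target.
        text_mismatch = bool(shown) and registrable_domain(shown.group(1)) != registrable_domain(href_host)
        findings.append({"href": href, "text": text, "verdict": verdict, "text_mismatch": text_mismatch})
    return findings


# Constructed email body mimicking the "new login from an unknown device" lure.
SAMPLE_HTML = """
<p>We noticed a login from an unknown device. Please
<a href="https://paypal.com.secure-login-check.net/confirm">log in to confirm it was you</a>.</p>
<p>Or visit <a href="http://paypa1.com/signin">https://www.paypal.com/signin</a> directly.</p>
<p>Help centre: <a href="https://www.paypal.com/help">PayPal Help</a></p>
"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML):
        print(finding)
    for sender in ("service@paypal.com", "alerts@paypal-account-verify.com"):
        print(sender, "->", classify_sender(sender))
```

Run against the sample body, the first two links come back as lookalikes and the second is additionally flagged because its visible text reads as www.paypal.com while the link goes to paypa1.com; only the help-centre link is legitimate. The check is deliberately conservative: anything that merely contains the brand name in an unexpected place is reported, which is the same instinct the article asks staff to apply by hand.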
4. Where Does the PayPal Phishing Scam E-Mail Take You?
If you click on a phishing link you are most likely going to be redirected to a website that looks similar to the official PayPal site. The site is likely to add a CAPTCHA step in order to appear more sophisticated, for example a “click on all the photos that include a car” pop-up.
Besides that, the address bar may show a padlock icon (green in older browsers), which many people associate with a legitimate site. The padlock, however, only signifies that the site has a TLS (SSL) certificate, meaning the information exchanged between your browser and that site is encrypted. It says nothing about who operates the site, and phishing sites obtain certificates easily, so a padlock is not evidence that you are really on PayPal.
5. How Do I Stay Scam-Safe?
Phishing attacks are becoming increasingly sophisticated and are evolving rapidly. It is important for you, your team and your business to stay alert and wary of potential phishing emails coming in.
Never click on, open or download anything that looks even remotely suspicious. Always stop and check everything carefully to keep your business, its IT infrastructure and its data secure.
Never share personal or sensitive data with anyone. Authentication codes such as WhatsApp verification codes are often targeted by cybercriminals trying to gain access to your account: the code is sent to your phone, and if you pass it on to someone who asks for it, they can register your number on their own device. Once that happens you will be locked out of your account.
Astec IT keeps its customers safe by continuously educating their staff and training them to notice when something is not right (e.g. spelling mistakes in the email or in the name or address of the sender) or when unusual requests are made.
Astec IT is a Sophos Partner, and we limit the number of phishing emails coming in by implementing anti-spoofing and anti-spam filters. Sophos is security software designed to be easy to use, and its endpoint protection has won an AV-TEST award for best usability. Using this software, Astec IT checks incoming email against a threat database in order to quarantine suspicious messages and prevent users from interacting with phishing emails unknowingly.
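To show what an anti-spoofing filter actually decides on, here is an added example, written for this article and not Sophos's or Astec IT's filter logic: a simplified DMARC-style alignment check. The receiving mail server records in an Authentication-Results header whether SPF and DKIM passed and for which domain; the check below parses that header and only treats the message as trustworthy if a passing result belongs to the same domain the user sees in the From: line. The three sample messages, their header values and the helper that builds them are constructed for the example, and the suffix-based alignment test is a simplification of DMARC's organisational-domain comparison.

```python
"""Simplified anti-spoofing decision: does the visible From: domain line up with
what SPF and DKIM actually authenticated?

Added example for this article, not Sophos's or Astec IT's code. The sample messages
and Authentication-Results values are constructed; real values come from the
receiving mail server.
"""
import email
from email import policy
from email.utils import parseaddr


def parse_auth_results(header: str) -> dict:
    """Turn 'mx.example; spf=pass smtp.mailfrom=a@paypal.com; dkim=fail header.d=evil.net'
    into {'spf': ('pass', 'paypal.com'), 'dkim': ('fail', 'evil.net')}."""
    results = {}
    for clause in header.split(";")[1:]:          # clause 0 is the authserv-id
        parts = clause.split()
        if not parts or "=" not in parts[0]:
            continue
        method, result = parts[0].split("=", 1)
        props = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        # SPF authenticates the envelope sender domain, DKIM the signing domain (d=).
        domain = props.get("smtp.mailfrom") or props.get("header.d") or ""
        results[method.lower()] = (result.lower(), domain.rsplit("@", 1)[-1].lower())
    return results


def aligned(auth_domain: str, from_domain: str) -> bool:
    """Relaxed alignment, approximated: same domain or one is a subdomain of the other."""
    if not auth_domain or not from_domain:
        return False
    return (auth_domain == from_domain
            or auth_domain.endswith("." + from_domain)
            or from_domain.endswith("." + auth_domain))


def verdict(raw_message: str) -> str:
    """'deliver' if SPF or DKIM passed for a domain aligned with From:, else 'quarantine'."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rsplit("@", 1)[-1].lower()
    auth = parse_auth_results(str(msg.get("Authentication-Results", "")))
    for method in ("spf", "dkim"):
        result, domain = auth.get(method, ("none", ""))
        if result == "pass" and aligned(domain, from_domain):
            return "deliver"
    return "quarantine"


def build_message(from_header: str, auth_results: str) -> str:
    """Assemble a minimal raw message (constructed test input)."""
    return (f"From: {from_header}\n"
            "To: accounts@example.co.uk\n"
            "Subject: New login from an unknown device\n"
            f"Authentication-Results: {auth_results}\n"
            "\n"
            "Please log in to confirm it was you.\n")


SAMPLES = {
    # Genuine: SPF and DKIM both pass for paypal.com, matching From:.
    "genuine": build_message(
        "PayPal <service@paypal.com>",
        "mx.example.co.uk; spf=pass smtp.mailfrom=bounce@paypal.com; dkim=pass header.d=paypal.com"),
    # Spoofed From: the SPF pass belongs to the attacker's sending domain, not paypal.com.
    "spoofed_from": build_message(
        "PayPal <service@paypal.com>",
        "mx.example.co.uk; spf=pass smtp.mailfrom=bounce@evil-mailer.net; dkim=none"),
    # Lookalike domain that the attacker controls and has set SPF up for correctly.
    "lookalike_domain": build_message(
        "PayPal <service@paypal-account-verify.com>",
        "mx.example.co.uk; spf=pass smtp.mailfrom=bounce@paypal-account-verify.com; dkim=none"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:17} -> {verdict(raw)}")
```

The third sample is the important caveat: a lookalike domain with a correctly configured SPF record passes this check, because authentication proves only that the mail came from the domain it claims, not that the domain is the real PayPal. That is why sender-address scrutiny by staff, as in the example Astec IT describes below, remains necessary even behind a filter.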
Astec IT can empower your staff through training and education sessions to develop habits that keep your business safe from the vulnerabilities posed by phishing. A recent example is where a client in the investment sector called us to report finding a suspicious email in which a cybercriminal was pretending to be the director of the company, requesting invoice payments and other payment details.
Because the staff member noticed a spelling mistake in the email address and notified us immediately, we were able to check the address and block both the email and the IP address, so that the cybercriminal would not be able to contact other users.
If you would like us to review your current IT infrastructure and highlight where you are currently vulnerable, please get in contact with us for a free consultation.