Phishing Scams | How To Protect Yourself From Phishing Scams

Phishing scams are becoming increasingly more sophisticated and affect all types of businesses, from large corporate organisations to small sole traders and independent businesses. Personal devices and accounts are being targeted, through social media platforms such as WhatsApp. The following article will describe how to avoid different types of phishing scams and what to be aware of.

1. What Are PayPal Phishing Scam?

Before everything else, you need to understand the threat of a phishing scam. Phishing is a fraudulent attempt to obtain user sensitive data such as personal or business data like credit and bank details, usernames, and passwords by sending e-mails which are specifically designed to appear to be sent from a legitimate source. A common source used for these types of scams is PayPal.

Not only the email, text or instant message looks incredibly similar to the ones of the claimed sender, but once you click on the link in the message, the website asking you to enter details will also look remarkably similar to, in this case, PayPal.

A recent and popular PayPal phishing scam consists of an email informing you about a new login from an unknown device. The email prompts you to log in in order to confirm that it was you so stop the account from being limited.

2. Why Is PayPal A Popular Target For Phishing Scams?

On an average day last year, PayPal had around 124 unique URL from which threats were coming, making it the most popular phishing target. This popularity is due to PayPal having nearly 300 million active users with a large percentage being small to medium-sized companies which are often the most popular target for phishing scams.

Phishing-Scams

3. How to Spot the PayPal Phishing Scam E-Mail?

While the real message of the phishing email might look similar to the ones of the original sender if you study the way it is written you will be able to differentiate the two. Here are four different ways to spot phishing mail.

Proper Nouns and Brand Names

If you, for example, see the word “chrome” spelt with a lower case “c” it might indicate a scam mail. “Chrome” should always be capitalised as it is a proper noun. Additionally, Chrome is normally spelt out as “Google Chrome”.

Careless Repetition

If you, when reading a paragraph, get the feeling that parts are repeated, such as “you account” written close together, this could also be a tell-tale sign. A real email from PayPal will be carefully written, so if you think it does not sound very natural that is a big indicator it might be a scam.

Login or Log In

The misuse of “log in” or “login” is another obvious indicator of a phishing scam. The term “Login” is a noun used when talking about a username and password (e.g. Enter your login details). “Log In” however, is a verb used when talking about the process of “logging in” (e.g. Please log in to your account).

Unusual and Suspicious E-Mail Address or URLs

Another way to be almost certain you have received a phishing email is by checking whether the email address or the links used are strange. What is important here is to never click on any links on the page.

4. Where Does the PayPal Phishing Scam E-Mail Take You?

If you click on a phishing link you are, most likely, going to be re-directed to a website which looks similar to the official PayPal site. They are likely going to add a “captcha function” in order to appear more sophisticated. An example of that could be a “click on all the photos that include a car” pop-up.

Besides that, the web address might come back with a green padlock next to it, which many people often associate with a legitimate site. The green padlock, however, only signifies that the cite has an SSL certificate, which indicates that the information shared between your company and the website is encrypted.

5. How Do I Stay Scam-Safe?

Phishing attacks are becoming increasingly sophisticated and are evolving rapidly over time. It is important for you, your team as well as your business to always stay alert and wary of potential phishing emails coming in.

Make sure to never click on, open or download anything that looks even remotely suspicious. Always make sure to stop and check everything carefully to keep your business and its IT infrastructure as well as IO and data secure.

It is important to never share personal or sensitive data with anyone. Authentication codes such as WhatsApp verification codes are often targeted by cybercriminals trying to gain access to your account. If access is achieved, you will be locked out of your account.

Astec IT keeps their customers safe by continuously educating their client’s staff and training them to notice when something is not right (e.g. spelling mistakes in the email or the name of the sender, etc.) or unusual requests are made.

Astec IT is a Sophos Partner, where we limit the number of phishing emails coming in by implementing anti-spoofing and anti-spam filters. Sophos is a high-end security software which creates an easy-to-use innovative protection. Sophos’ endpoint protection has won AV-test award for best usability. Through the use of this software, Astec IT checks emails against a database in order to quarantine suspicious activity and prevent users from interacting with phishing emails unknowingly.

Astec IT can empower your staff through training and education sessions, to develop habits, that keep your business safe from vulnerabilities posed by phishing. A recent example is where a client in the investment sector, called us to report the finding of a suspicious email in which a cybercriminal was pretending to be the director of the company – requesting invoice payments and other payment details.

Since the staff member noticed a spelling mistake in the email address and notified us immediately, we were able to check the email address and block the email as well as IP address, so the cybercriminal will not be able to contact other users.

If you want us to review your current IT infrastructure, and highlight where you are currently vulnerable, please get in contact with us to receive a free consultation.

Latest posts
Microsoft Launches New AI Content Safety Service – The Latest Microsoft has announced the launch of Azure AI Content Safety, a new content moderation service that uses AI to detect and filter out offensive,...
Safety Considerations Around ChatGPT Image Uploads With one of ChatGPT’s latest features being the ability to upload images to help get answers to queries, here we look at why there...
Navigating the Cybersecurity Landscape: A Guide for Insurance Companies Introduction The insurance sector is built on the foundation of trust and the secure handling of sensitive data. However, the increasing frequency of cyberattacks...
The Imperative of Cybersecurity in the Financial Sector: Addressing Key Pain Points Introduction In an era where data is the new gold, the financial sector remains a prime target for cybercriminals. With the increasing digitisation of...
No Email Backup For Microsoft 365? In this insight, we look at what many users think to be a surprising fact in that Microsoft 365 doesn’t provide a traditional email...
Zoom Data Concerns In this article, we look at why Zoom found itself as the subject of a backlash over an online update to its terms related...
New Chatbot Attack : “Unstoppable” Researchers at Carnegie Mellon University have reported finding a simple way to exploit a weakness and disrupt major chatbots like ChatGPT, Bard, and others. ...

Technologies we work with...

Astec IT Astec IT - Ultimate service through advances in technology 02038026525 [email protected]