Recently we came across several questions regarding PayPal scams in social media and other platforms. Keeping those in mind, we would like to enlighten our readers and users regarding the same.
Phishing is an attempt made by cyber spammers to trick the victim by collecting personal and other financial information through an e-mail, which appears to be from a legitimate website or business. This is one of the fastest and easiest methods of personal data compromise.
The body of the e-mail warns that your PayPal account has been limited. If you happen to click on reset your account, a new url with no HTTPS and the domain is clearly not controlled by PayPal.
Note: The webhost has taken off the domain.
Entering your E-mail address and password into the form field triggers a number of checks by the Phishing script that created this domain.
Next, you will be asked to update your billing address. Based on the information delivered, the cyber-criminal would be able to build a profile based on the information entered. There is a possibility of data being stolen and can be used for scams such as Identity Theft. After obtaining all the personal information, the cyber-crook would look for more information such as updating Credit/ Debit Card details and Bank Account information.
The last thing the cyber-criminal would ask is for your banking account details. This form serves two functions; first it collects Bank id and Bank password. Secondly, it collects Account number and Routing number. Bank Routing number or routing transit number (RTN) is a nine digit number used to identify a financial institution in a transaction.
This is the end of the scam. The entire thing was designed to make you believe as if you were dealing with PayPal entire time. However, at this stage your banking information, personal information, credit card details, and PayPal account have all been compromised. There’s no going back.
The final stop in the scam is the actual PayPal website. If you look at the address bar the URL has an HTTPS and the area where the padlock exists has both the company name and is green.
What should you do?
- Forward the entire PayPal phishing email to email@example.com.
- Use a trustworthy Anti-Virus (eScan) on regular basis, which will protect your system from all kinds of Malware attacks.
- Always check for “https” prefix before entering any financial information for electronic transmission over the internet
- Never send or reply to emails which ask for sensitive information such as Credit card number, PIN (Personal Identification Numbers) and Bank account number to an unauthorized person.
- Check your Credit Card, Debit Card statements regularly.