There is a PayPal phishing scam doing the rounds via SMS which inform the recipients that unusual activity has been detected on their PayPal accounts. If the user clicks on the link in the message, they are taken to phishing site which spoofs PayPal’s log in.
They are then asked to log in with their email address and password, followed by their mother’s maiden name, home address and credit cards and bank details.
The user is then redirected to the real PayPal log in page and the criminals have all your details, ready to further their attack.
What is clever about this is attack, is the criminals remember the IP number used to visit the page so if you click on the link again, it will take you straight to the authentic PayPal log in and it won’t look suspicious.
How can I stop this happening to me?
You can’t always stop receiving these messages but there are some things you can do if you do receive one: –
- Don’t click on links in text messages. If you have a PayPal account, find out the right website and type it into your browser yourself. Don’t rely on links sent to you in an SMS because those links can show as whatever the sender wants them to.
- If you do click on the link, check the URL in the address bar. Be especially careful on your mobile phone, where the address bar often doesn’t show much text from the URL you are visiting.
- If you realise you input your password on a scam website, change it immediately on the correct website. The crooks who run phishing sites typically try out stolen passwords immediately and automatically, so the sooner you act, the more likely you will beat them to it.
- If you have given you bank details, report it to your bank as soon as possible by calling their fraud number (often found on the back of your bank cards).