If you are looking for online shopping bargains, beware that you may be getting more than what you bargain for in your inbox.
Cyber criminals are sending out phishing emails purporting to be from PayPal in order to steal your credit card details. Phishing scams usually involve a fraudulent email and website links that appear to come from a known company or financial institution, in this case PayPal.
Here is an example of the phishing email:
As you can see, it appears to come from the PayPal Resolution Center and asks the recipient to verify their PayPal account. Other examples you could have received from the same run may say that your PayPal account is temporarily limited, before asking you to restore the account.
Once the ‘Access PayPal Account Securely’ link is clicked, the user is taken to a page that closely resembles the legitimate PayPal website. Pay close attention, though, to the website URL in the address bar at the top of the screen. You can clearly see it does not contain the legitimate PayPal website address, which is www.paypal.com, and instead shows a fake URL such as redir1.krash.net:8222.
Once you have logged in, you are redirected to another landing page which requests your credit card information.
All credit card numbers conform to a specific checksum algorithm that allows merchants to verify whether a card number has been entered correctly. These phishing scammers have utilised this same algorithm to reject typos and ensure that only a correctly entered credit card number is accepted.
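The checksum referred to above is the Luhn check. The following is an added example, not code from the original post, showing why the fake form can reject mistyped numbers: the check catches every single-digit typo and almost every swap of adjacent digits. Defenders use the same check to recognise card numbers in logs or outbound data. The card numbers used are constructed test values, not real accounts.

```python
def luhn_valid(number: str) -> bool:
    """Return True if the string of digits passes the Luhn checksum."""
    cleaned = number.replace(" ", "")
    if not cleaned.isdigit() or len(cleaned) < 2:
        return False  # non-digit characters, or too short to carry a check digit
    total = 0
    # Walk from the rightmost digit (the check digit), doubling every second
    # digit; a doubled value above 9 has its two digits summed (same as -9).
    for i, ch in enumerate(reversed(cleaned)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def single_digit_typos_caught(number: str) -> float:
    """Fraction of all single-digit substitutions of a valid number that fail the check."""
    cleaned = number.replace(" ", "")
    if not luhn_valid(cleaned):
        raise ValueError("expected a Luhn-valid number")
    tried = caught = 0
    for pos, ch in enumerate(cleaned):
        for wrong in "0123456789":
            if wrong == ch:
                continue
            mutated = cleaned[:pos] + wrong + cleaned[pos + 1:]
            tried += 1
            if not luhn_valid(mutated):
                caught += 1
    return caught / tried


if __name__ == "__main__":
    # Constructed test numbers: the widely used "4111..." test card, the
    # textbook Luhn example, and a one-digit typo of the first number.
    for sample in ("4111 1111 1111 1111", "79927398713", "4111 1111 1111 1112"):
        print(sample, "passes" if luhn_valid(sample) else "rejected as a typo")
    print("single-digit typos caught:", single_digit_typos_caught("79927398713"))
```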
Once the credit card details are entered correctly, the cyber criminals have a copy of them, whilst the email recipient is none the wiser that they have just been scammed.
Criminals specifically target well-known organisations because they know that people have a sense of familiarity and trust when they receive email correspondence from these companies. For this reason, email recipients are more likely to fall for the scam and share their personal information or passwords which criminals can then use for their own financial gain.
Phishing scams can come in many guises, so this is why you must be vigilant and pay close attention to the emails you receive. Here are some quick tips to help you deal with a suspected ‘phishy’ email.
It pays to never click on a link contained within an email. If the email contains a link for you to go directly to your account, type the website address directly into your browser and log in to your account that way.
This is also important as some phishing scams may contain files or links that in turn ask you to download files such as .exe or .zip files. Never download these unless you are sure of their legitimacy, as they may lock, encrypt or steal your data. Also, be sure to back up your business data every day.
Educating staff and employing multilayered defences including desktop antivirus, anti-malware, anti-spyware, and using cloud-based email filtering and web filtering will go a long way to mitigating the risk from a wide range of email scams.
You can learn more about how phishing works in this blog: What is a phishing scam? And how to spot them (using PayPal as an example).