Two realistic-looking email scams impersonating global online payments system PayPal have been spotted by email security software firm MailGuard.
The emails were sent via malicious domains originating overseas, and they are suspected to contain phishing links that harvest users’ confidential details.
At the time the emails were detected, MailGuard stated both emails contained links that were “not necessarily a threat” but that they could be updated to point to a phishing page, and “it is suspected that they did in the past”.
One email suggests the recipient’s PayPal account has been temporarily suspended due to an unauthorised transaction request from their account, and a link is provided to cancel the payment.
People who click the link are led to a URL shortener, which then redirects to a site that is offline.
“Multiple techniques have been employed by the cybercriminals behind this scam to boost its legitimacy,” MailGuard stated.
“Not only have they incorporated PayPal’s logo, but they have also included the Apple App Store and Google Play logos at the bottom of the email to lend credibility.”
Another scam message says unusual activity has been noticed on the recipient’s PayPal account, and states some of the account information is missing or incorrect.
Clicking on the ‘resolve now’ link redirects the recipient to a foreign-language website.
“Just like the first example, this email also employs several techniques to motivate the recipient into clicking the link,” MailGuard stated.
“In addition, by indicating that their account will be closed within two days if users do not update their information, cybercriminals evoke a sense of urgency and panic, further motivating the recipient to take immediate action.”
How to know the PayPal email is fake
“Eagle-eyed recipients would notice several red flags that point to the email's illegitimacy,” MailGuard stated. “These include spelling errors such as ‘cordialement, PayPal’ and the fact that the emails don’t address the recipient by name.”
How to protect yourself against the scam
MailGuard urges all Aussies to hover their mouse over the links contained in emails to check their legitimacy, and not to click unless they are sure the links are safe. You can do that by typing the URL you intend to visit into your browser, and then searching Google to find the correct website before entering your details.
You should also filter your emails to block phishing scams from entering your inbox.