Australians have been warned again to be on alert for another Paypal scam that they may find in their inboxes.
According to email security firm Mailguard, a malicious email that looks like it’s from the global payments system notifies victims that some “unusual activity on your Paypal” has been “detected”.
But it’s a phishing scam aimed at harvesting people’s personal and banking data, Mailguard said in a blog post.
This comes about a week after Mailguard issued its last scam alert, which warned users of ‘Suspicious Login Activity’ but also designed to steal sensitive information.
According to its website, Paypal has more than 7 million users in Australia.
Users are told of concerns about “potential unauthorised access”, and that their account has been “temporarily limited” as a result.
“For your .Safety [sic], we have temporarily limited your account. until you take action,” the email reads.
Recipients are then instructed to log into their Paypal accounts and complete steps to “secure your account”.
The unwitting victim is then taken to a fake login page, which then leads to several phishing pages that ask for:
Credit card details;
Banking details and identifiers;
Email details; and
Pictures of various documents used for verifying identity, including passport, national ID and driver’s license.
What to look out for
To catch the scam, there are multiple give-away signs, including poor grammar and spelling; generic greetings, or failing to address users by name; and URLs that don’t direct to where they are purported to go.
If you hear from a business you weren’t expecting to, it pays to be on the safe side and stay cautious about the notification.
However, cyber criminals will try to trap users through an alarming subject line and body, good quality logos and branding, and other language that demands users take action immediately.
“Most of these pages are designed to appear as legitimate pages belonging to PayPal, employing high-quality branding and styling elements,” said Mailguard.
“They are crafted to steal a wide variety of personal information from users and could lead to grave consequences.”
Anyone who falls for the scam will have their Paypal accounts hijacked and details and identity stolen.
“Scams that are initiated from compromised accounts (like in this case) are particularly dangerous because the emails are sent from a legitimate account, so they are not likely to be blocked by email security services. Cybercriminals often exploit these rules to trick users.”
Paypal’s global brand makes it popular among cyber criminals, especially in the context of the rise of online shopping amid the Covid-19 pandemic.
“All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data,” Mailguard said.
You can report scams to Scamwatch, as well as to the implicated institution.
Want to get better with money and investing in 2021? Sign up here to our free newsletter and get the latest tips and news straight to your inbox.