Very convincing PayPal emails are scamming Aussies: Are you at risk?
Australians have been warned of a fake PayPal email scam that is designed to convince people to hand over their personal information.
Security firm Mailguard first detected the phishing email circulating on Monday night.
"The hallmark of this scam lies in not only how well-designed it is, but how it ironically utilises safety features to steal confidential data of users," said a Mailguard spokesperson.
The email, which is made to look very genuine with sophisticated PayPal graphics and logos, demands a "quick confirmation" that a new email address has been added to the recipient's account.
Then it preys on the recipients' worry that they hadn't added a new email address – and provides a link to "let us know straight away" to secure the account.
After that link is clicked, the scam takes the victim through several very authentic-looking pages where email, mobile number, password, billing address and credit card information are entered.
The criminals take that information away, then finally the user is redirected to the real PayPal site.
Aside from the convincing design, the scam uses psychology to induce even the most wary users into acting without checking its bona fides.
"Telling the recipient to ‘let us know right away’ creates a sense of anxiety and panic that their account isn't safe. This also motivates the recipient to click on the provided link right away, distracting them from checking the sending address of the email and looking out for any other errors," said the Mailguard spokesperson.
"The body of the scam email is, ironically, focused on securing the users’ PayPal accounts.... All this serves to elicit a more confident response from recipients who think they are, in fact, making their accounts more secure by clicking on the provided link and entering their confidential login details."
How to avoid falling for email scams
There are three ways to avoid falling for phishing scams, according to Mailguard:
1. Hover your mouse over any link in an email before clicking on it
This shows the website address of the link, giving you a chance to see if it's safe.
2. Go manually to the organisation's website rather than following the email link
Type the URL manually into your browser, or find the official website through a Google search, before entering your personal information.
3. Be suspicious when any page asks for personal information
Shouldn't a bank or PayPal already know the information you're about to type in? If so, be suspicious.
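The first tip can be automated for mail that is being triaged rather than read. The following is an added example, not part of the original article or Mailguard's guidance: it lists each link's real destination in an HTML email body and checks whether the host belongs to the organisation the email claims to come from. The function names and the sample email (which uses reserved example domains) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # organisation the email claims to come from

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_belongs_to(href, domain):
    """True only if the link's host is the domain itself or a subdomain of it."""
    try:
        host = (urlsplit(href).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: treat as untrusted
        return False
    # Compare on a label boundary; a substring test would accept look-alikes.
    return host == domain or host.endswith("." + domain)

def audit_links(html, domain=TRUSTED):
    """Return (visible text, real destination, belongs_to_domain) per link."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(t, h, host_belongs_to(h, domain)) for t, h in parser.links]

# Constructed sample body; the hosts are reserved example domains.
SAMPLE_EMAIL = """
<p>A new email address was added to your account.</p>
<a href="https://paypal.com.account-check.example/verify">Let us know straight away</a>
<a href="https://www.paypal.com@login.example.net/secure">https://www.paypal.com/secure</a>
<a href="https://www.paypal.com/signin">Log in to PayPal</a>
"""

if __name__ == "__main__":
    for text, href, ok in audit_links(SAMPLE_EMAIL):
        print("OK     " if ok else "SUSPECT", href, "<-", repr(text))
```

The first two links contain the string "paypal.com" but resolve to other hosts, which is why the check compares the parsed hostname rather than searching the URL text.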