Phishing attacks have become commonplace in the modern business landscape as cyber criminals attempt to access the sensitive financial information of individuals by posing as organisations they interact with on a regular basis.
The latest phishing scam involved the online payment company PayPal, with members being sent authentic-looking emails purporting to be from the company.
They request that users add their account and credit card details to ensure their account is not closed down. The emails have been arriving in the inboxes of thousands of customers, with some being taken in by them due to their appearance and the website created to harvest the details.
Criminals are using the method of sending a PayPal receipt for a purchase not made by the user, then sending follow up emails explaining that the company has detected fraudulent activity.
The first states that the security system has picked up unusual charges linked to the account and that a “limitation” has been added, preventing any further payments.
The emails inform the users that it is possible to resolve the security breach and remove the limitation by filling out and submitting an attached form.
While the emails look professional and as if they have been created and sent by PayPal, there are ways to decipher if the correspondence is a fake aimed at retrieving account and banking details.
A generic greeting often indicates a phishing scam and PayPal will always use the name registered on an account. Any request of personal or financial details are also suspicious as payment companies and financial institutions will never request this information.
Attachments from major companies, such as the form used in the PayPal phishing attack, are often an indication that the email is malicious and grammatical errors often portray an attack.
The company said: “We investigate the emails and try to take action against the people responsible,” said a spokesperson. Forward it to spoof@paypal.co.uk, without changing the subject line. You should then delete the email from your inbox.”
About CSC Phishing Protection Services
CSC® Digital Brand Services offers you a way to fight back. Our Phishing Protection Services help prevent and mitigate phishing attacks and online fraud through authentication, monitoring, and fast takedown. Our team works with you to tailor a solution to your security needs and reporting requirements. With robust detection capabilities and the industry’s fastest-documented takedown times, we help you minimize the damage from phishing and online fraud. Visit cscglobal.com for more information.