Most PayPal phishing scams are done by emails with links to bogus websites that look like the official PayPal site. The scammer sends an email to get the victim to supply personal information, to dispute a bogus charge, or to download spyware. Once the victim enters the requested information or downloads the spyware, the criminal uses the information to steal the victim's identity.
Beware of Identity Theft Scare Tactics
The goal of the identity thief is to alarm the victim into acting quickly without thinking. For example, an email will state that there has been a major security breach and that PayPal is working hard to protect its customers from fraud. In order to protect sensitive information the email directs the victim to a spoof website to "verify" their PayPal password and bank account information. The victim is told that providing this information will prevent thieves from robbing their bank accounts when, in fact, the opposite is true. The thieves play on the victim's fear of losing their money.
Other emails tell the victim that a charge was made to their account that may not be legitimate. Of course, the fictitious charge was not authorized by the victim so the victim feels compelled to act quickly to correct the problem. The victim is directed to a spoof website to dispute the charge and asked to supply account information in order to recover their funds. The identity thief then proceeds to clean out the victim's bank account.
Identity thieves also send emails that threaten to suspend or freeze a person's PayPal account if the requested information isn't supplied immediately. Once again, the victim is told that this is for their own protection. The people most vulnerable to this scam are those who use PayPal for their business. When people are told their livelihood is threatened, they tend to panic and act too hastily. Legitimate businesses do not try to rush people into taking action.
Spyware for Identity Theft
Another scam email urges the victim to open an attachment that downloads spyware into the victim's computer. The identity thief can then retrieve critical information about every account held by the victim. The thief can use these accounts and open new accounts in the victim's name. PayPal never sends emails with attachments. This is a definite indication that the email is fraudulent.
Many of these emails come from criminals in other countries and have spelling or grammatical errors. For example, the scam email say "Click the link below to dispute change." instead of "Click the link below to dispute the charge." Another scam email might say, "Thank you for cooperation." instead of "Thank you for your cooperation."
Don't Respond to Emails
PayPal never sends emails to account holders that ask for sensitive information. All emails from PayPal are addressed to the account holder by first and last name or by business name. They never address customers by their email address or by a generic salutation like "Dear PayPal Customer." The best rule of thumb for avoiding PayPal and other phishing scams is to never give information in response to an email. To check accounts or dispute charges, log on to PayPal directly through the web browser address bar. Forward suspicious emails to the Federal Trade Commission at spam@uce.gov and to PayPal at spoof@paypal.com.
 |
