The wave of scam and phishing emails just doesn't stop. This time, a bunch of PayPal scam emails are doing the rounds, and this time they're more devious than ever.
These scams use safety features to steal victims' confidential data, and are ‘brandjacking' trusted names in the industry to conduct their attacks.
In this case, a newsletter email service called newsletter.com.au was compromised at some point. Attackers are using this service to send fake emails with the display name “PayPal”.
According to security firm MailGuard, the message is a ‘confirmation' that a new email address has been added to their PayPal account.
The email then asks users to click a link that says ‘let us know right away' if they did not add the email address to the account.
When users click on the link, they are taken to a clone of the PayPal website – but that website is anything but real. The page leads to another PayPal-branded login page requesting users for an email or mobile number.
When users click ‘next', they are asked for their password. They then appear to ‘log in' to PayPal.
Users are then asked to update their billing address.
When they do so, they are then asked for their credit card information.
After they've done all that, they are then redirected to the genuine PayPal website.
“Several techniques have been employed in this email to look like a genuine notification from PayPal, including the usage of high-quality graphical elements such as the company's logo and branding,” comments MailGuard.
“Another technique is the attempt to evoke urgency; telling the recipient to ‘let us know right away' creates a sense of anxiety and panic that their account isn't safe. This also motivates the recipient to click on the provided link right away, distracting them from checking the sending address of the email and looking out for any other errors.
“It is also interesting to note that the body of the scam email is, ironically, focused on securing the users' PayPal accounts. This only adds on to the sense of legitimacy evoked by the email as security updates such as a new email address is a common notification expected of such a well-established company. All this serves to elicit a more confident response from recipients who think they are, in fact, making their accounts more secure by clicking on the provided link and entering their confidential login details.
MailGuard says if people are sure if an email is genuine, they should contact the company directly. People should also:
• Beware of emails that contain grammatical or branding errors, but purport to be from reputable organisations.
• Always hover your mouse over the links contained in emails in order to check their legitimacy – don't click them unless you are sure they are safe.
• To ensure safety, type the URL of the organisation you are intending to visit manually into your browser or navigate through Google search to find the correct website before entering your credentials.
• Be particularly wary of emails asking you to supply personal details that the purported organisation should already know, especially those which ask for credit card or bank account details.