If you have a PayPal account you need to be on high alert for a new type of scam that appears to be doing the rounds. The latest attack – which has been spotted by the eagle-eyed team at Malwarebytes – is concerning because, to the untrained eye, it appears to have come directly from the popular payment firm.
When the message arrives, recipients see service@paypal.com as the sender address. With things appearing so official, it’s easy to see how some are being tricked into handing over highly personal details.
“When someone sends an email, their computer tells the email system what address to show as the sender. Scammers take advantage of this by using special software or programs that let them type in any ‘From’ address they want. This technique is called spoofing,” Malwarebytes explained.
“The scammer sends their email through the internet, and since most email systems aren’t strict about checking this information, the fake sender address is displayed just like a real one would be.”
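The check a receiving mail system can apply to that visible "From" address, as an added example that is not part of the original article or of Malwarebytes' write-up: it reads the `Authentication-Results` header (RFC 8601) stamped by the recipient's own mail server and reports whether the displayed domain passed DMARC. The sample messages and the server name `mx.example.net` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; mx.example.net is a hypothetical receiving server.
SPOOFED = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.example.org; dkim=none; dmarc=fail header.from=paypal.com
From: "service@paypal.com" <service@paypal.com>
Subject: New Profile Charge

We have detected a new payment profile...
"""

ALIGNED = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=paypal.com; dkim=pass header.d=paypal.com; dmarc=pass header.from=paypal.com
From: "service@paypal.com" <service@paypal.com>
Subject: Receipt

Thanks for your payment.
"""

def from_domain(msg):
    """Domain of the address the mail client displays as the sender."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def dmarc_verdict(raw, trusted_authserv="mx.example.net"):
    """Return 'pass', 'fail' or 'unverified' for the visible From domain."""
    msg = message_from_string(raw)
    domain = from_domain(msg)
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        # Only trust results stamped by our own server; a sender can
        # insert a forged Authentication-Results header of their own.
        if authserv.strip().lower() != trusted_authserv:
            continue
        m = re.search(r"\bdmarc=(\w+)(?:\s+header\.from=([\w.-]+))?", results)
        # The result must refer to the same domain the reader sees.
        if m and (m.group(2) or "").lower() == domain:
            # Anything other than an explicit pass is treated as a failure.
            return "pass" if m.group(1).lower() == "pass" else "fail"
    return "unverified"
```

A verdict of `unverified` means no trustworthy result was recorded for the displayed domain, so the sender address should not be relied on.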
Once the message lands in an inbox and is opened, the PayPal user is warned that a new payment profile has been detected and a $910 charge is about to be added to the account. This tactic is aimed at shocking the account holder into making rash decisions in a bid to stop money being taken.
“New Profile Charge,” the message reads.
“We have detected a new payment profile with a charge of $910.45 USD at Kraken.com.
“Use this link to finish setting up your profile for this account. The link will expire in 24 hours.”
If the victim is tricked into clicking on the link in the email, they start the process of adding a secondary user to their PayPal account.
As Malwarebytes explains, “The danger here is that a secondary user can issue payments. In other words, the scammer would be able to clean out your PayPal account.”
If you have a PayPal account, it’s a good idea to stay alert and watch out for emails claiming money is being taken from it.
Here are some rules to follow from security experts.
• Look out for the red flags above.
• Always search phone numbers and email addresses to look for associations with known scams.
• Go directly to PayPal.com to see if there are any messages for your account.
• Enable two-factor authentication (2FA) to add an extra layer of security to your PayPal account and help prevent scammers getting in.
• Report suspicious emails and phishing emails to phishing@paypal.com. Then delete them.
PayPal also has some good advice, with the payment company saying, “Fraudsters may use PayPal to send you an invoice or money request that looks real so you’ll call them.
“If you don’t recognise the requester, ignore the request and don’t call any included phone numbers.”