ANYONE with a PayPal account needs to watch out for a dastardly email that could empty your bank account in seconds.
Security professionals have warned about a “dramatic spike” in the costly criminal scheme.
4
Experts say scammers have “evolved their tactics”, warning over a series of devastatingly effective scam emails that could turn up in your email inbox.
These messages are highly convincing, look just like official PayPal messages, and raid your profile in just “one click”.
Security giant McAfee says it has tracked a “dramatic seven-fold increase” in this type of scam since January.
And PayPal has become a “prime target for cybercriminals looking to steal personal information and money“, McAfee’s Abhishek Karnik explained.
One of the main email types is headlined with “Action Required”.
This demands that you update your profile details urgently – usually within 48 hours – or your account risks being banned.
It’ll warn that PayPal has previously tried to contact you, and says you’ll be locked out of your account if you don’t reply.
McAfee says that this particular scam campaign is focusing on email – rather than text or social media.
Another kind of “real-world” scam that McAfee has seen is a promise of a reward.
One email says you can bag a cash gift for completing a short survey.
In both cases, you click through – and then you’re at the mercy of the crooks.
There’s no account problem or cash reward. Instead, you end up handing your log-in details to crooks when you sign in or fill in details.
That can give criminals blanket access to your PayPal account, allowing them to steal your info and even funds.
The security experts warned that there are four other types of PayPal scam email that might turn up, all with similarly costly outcomes.
4
They include:
- Fake PayPayl gift card offers
- Phoney invoices for purchases
- Customer support scams (including billing issues)
- Fake payment requests or confirmations
Thankfully it’s easy to stay safe by following some simple rules.
“Never click links in emails or texts claiming to be from PayPal,” Karnik explained.
TURN TWO-STEP VERIFICATION ON FOR PAYPAL
Here’s how to enable this important security feature…
“PayPal’s 2-step verification (two-factor authentication) gives you an extra layer of security when accessing your account,” PayPal explains.
“This process can only be done through your web browser and not through the PayPal App.
“You can set up 2-step verification using an authenticator app (like Google authenticator and Microsoft authenticator).”
Log in to PayPal, then choose the Settings option.
Now go to Security > Set Up (next to 2-step Verification).
Choose how to get a code – for instance, via an authenticator app.
Then click Set It Up and follow the instructions.
Picture Credit: PayPal
4
“Instead, open a new browser window and log in directly at PayPal.com, or use the official PayPal app to check for notifications.
“If you need to contact PayPal support, use only the official contact methods listed on their website.”
Karnik also added: “Legitimate companies don’t typically threaten immediate account closure or demand urgent action within short timeframes like 28 hours.”
McAfee recommended that all PayPal users turn on two-factor authentication, meaning you’ll need a code to log in to your account in addition to a password.
4
