Scammers are pushing out fake PayPal emails that use the premise of an unverified transaction to phish for customers’ personal and financial information.
With the end-of-the-year holidays quickly approaching and many users worrying whether the gifts they bought online will be delivered in time for the festivities, an email from PayPal saying their transactions were impossible to verify or their payments were not processed will throw most users for a loop.
Phishers are counting on that, and are hoping that panicking users will be too distraught to notice that the email did not actually come from PayPal and that it didn’t address them by name:
Those who fail to identify the email as fake and click on the button ostensibly taking them to the “Resolution Center” will be taken to a phishing site set up by the criminals.
There, through a series of pages, they will be asked to enter their PayPal login credentials, physical address, phone number, mother maiden’s name, date of birth, and payment card information (name, number, card number, expiration date, security code):
Here’s one example:
I suggest you send this email to your employees, friends and family. Feel free to copy/paste/edit:
"There is an especially sneaky PayPal scam tactic in the run up to the holidays, when many people struggle to remember the who/what/when/where/why of their festive spending. Scammers are banking on the holiday rush combined with the convenience of "clicking a link" to steal cash out from under your nose. Make sure to not click on links in unsolicited emails, and manually navigate to any shopping site. Check out the KnowBe4 Safe Holiday Shopping Video:" https://youtu.be/B2Q0OLZP404
Warm regards,
Stu