With over 230 million users and dealing with over 5 million transactions every day, PayPal is one of the most widely used online payment services in the world. Due to the vast sums of money being transferred every second, PayPal is an attractive target for phishers. If a hacker were to access an individual’s PayPal account, they could access a wealth of sensitive information, such as banking information. Therefore, it is no surprise that hackers commonly use PayPal phishing schemes to try to trick their victims.

PayPal phishing scams involve a scammer sending emails to a potential victim which the hacker has crafted in such a way that they appear to be legitimate emails sent by PayPal. Hackers can achieve this by illegally using the company’s logo in their emails, and mention specifically tailored information in the email about the victim’s personal life, which the phisher has obtained by searching their email accounts or social media profiles.

The scam then works similar to other email phishing schemes; the victim is invited to click on a link in the email, which brings them to a fake website which is masked and appears convincingly as the legitimate PayPal site. The user then inputs their login credentials as usual. The scammer can then collect these, and use them to obtain their bank account details from the real site.

What does a PayPal scam look like?

Several high profile PayPal phishing scams have appeared in recent years. In early 2017, hackers sent emails to users falsely informing them of “issues” with their PayPal account. The users were invited to log in to their account immediately to “fix” the problem. The hackers had put some effort into designing the email, and the result was compelling. The hackers had included the PayPal logo and added PayPal’s “fine print” at the bottom of the email.

By following the link in the email, users were directed to a website which was also a persuasive copy of the legitimate PayPal site. Those directed to it were even shown the “lock” icon on their browser; an indicator that the site was secure. This symbol appeared as the phishing form was transmitted over an HTTPS link, and therefore passed the browser’s security test.

However, in spite of the general convincing design of the scam, many of the potential victims spotted a suspicious domain name in the browser’s address bar. This is a clear sign that the website is fake, as it is more difficult more scammers to change this particular piece of information to mimic the real site.

Those who noticed this fake domain could avoid being scammed, but not everybody was as savvy; many fell victim to the very convincing operation.

How to spot a fake email

The quickest way to check the legitimacy of an email is to to look at the address from which the email was sent. Users should be wary of any emails not sent from a paypal.com address. Small grammatical errors in the emails or forms or slightly strange layout may also be an indicator that the email has not been sent from a reputable source.

PayPal always addresses their customer by their username in emails. If the email is written generically (i.e., “Dear PayPal customer”), then it is likely sent as part of a phishing scheme. PayPal offers various methods to determine spoof emails, and users who receive suspicious emails are asked to forward them to [email protected] for further investigation and to allow customers to be warned of potential scams.

For more phishing methods and security information visit www.netsec.news/