How not to be caught by PayPal phishing scams

As one of London’s leading managed IT services providers and expert cybersecurity teams, we spend a lot of time explaining to our clients how not to be caught by PayPal phishing and other scams.

But with phishing scams becoming ever-more sophisticated and targeting everything from the social media platforms to financial services companies, we make no apology for returning to the subject to help keep your business, your systems and your data safe and secure.

In its Phishers’ Favourites report for Q4 2019, the US e-mail security specialist Vade Secure highlights the 25 most impersonated brands in phishing attacks around the world – and they include some of the best-known businesses on the planet.

This clearly demonstrates how PayPal and some of the world’s most popular social media platforms, such as WhatsApp, rank highly as scammers’ targets. As many of these resources are used by our small to medium-sized clients, in this blog post we’re going to explain some of the risks so you and your team can prepare and protect your enterprise. Below you’ll discover:

The first step in how not to be caught by PayPal phishing scams – know your enemy

When it comes to the best way not to be caught by PayPal phishing scams, it’s vital that you understand the threat. Phishing is a fraudulent attempt to obtain your personal or business’s sensitive data (such as usernames, passwords and credit or bank card details) by using e-mails designed to look like they’re from legitimate sources, such as PayPal.

Although they are typically carried out by e-mail they can also be undertaken via text or instant messaging. Usually they will direct you to enter personal information at a fake website which also matches the look and feel of the legitimate site, like PayPal.

Why PayPal is the most popular target for phishing

PayPal was the most impersonated brand in phishing attacks last year, with the daily average threats coming from 124 unique URLs. PayPal’s popular with the phishing community because it has nearly 300 million active users, many of whom are small to medium-sized businesses here in London and beyond, thus offering a massive pool of potential targets.

A recent and widespread PayPal phishing e-mail to be wary of tells you that there has been a ‘New login from unknown device’ attempt on your account and that service to your PayPal account will be limited until you log in and confirm that it was you.

If you’re not wise to this scam, you can easily hand over your financial and personal details as well as your login credentials, which are then promptly stolen.


[Image: example of a phishing e-mail impersonating PayPal]

How to tell genuine PayPal communications from the fake

Trouble is, you may well have received genuine e-mails like the one described above. That’s because some organisations do keep track of the IP address you use when logging in to your account, to protect you from fraud, and they will ask you to confirm that it really is you accessing your account from a different IP address.

Four ways to spot the PayPal phishing scam e-mail

While the fake and genuine e-mails or messages may look alike, there are tell-tale signs you and your team can use to differentiate a bogus e-mail from a legitimate one, if you study the way it’s written.

Note though that nowadays the scammers are more sophisticated. They don’t usually make the obvious grammar, spelling or style errors that used to give their game away but there are other clues you can spot. Here are four things to look out for:

Proper nouns and brand names

One example: the fake e-mail may name the browser used in the supposed login as ‘chrome’ with a lower-case ‘c’. Chrome should be capitalised, as it’s a proper noun, and it would usually be spelled out in full as ‘Google Chrome’. That is a sure sign that the sender probably isn’t a native English speaker and is quite possibly a scammer.

Careless repetition

Another clue that points towards a scam e-mail is careless repetition, such as ‘your account’ and ‘your account’ appearing side by side in the same sentence or paragraph.

Login or log in

Another sure sign of a scam is the misuse of ‘log in’ and ‘login’, as these have different meanings and usage. ‘Login’ is a noun that refers to the username and password you use to access your account (i.e. ‘Enter your login details’) and can also be used as a noun to refer to the act of logging in (i.e. ‘We suspect unusual login activity’).

‘Log in’, by contrast, is a verb that refers to the process you go through to access your account (i.e. ‘Please log in to your account’).

If you get an email that uses these words incorrectly, alarm bells should ring.

Unusual or suspicious e-mail address or URLs

Also look out for other suspicious things, such as the sender using an unusual email address or links to strange websites.

Do not click on any links in the email. Instead, visit the website of the organisation supposedly sending you the email by typing its address into your browser. Usually, right on the home page, you should be able to see whether there are any alerts or messages confirming the content of the email you’ve received.
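As an added illustration (not code from the original post), the following Python script runs the four checks described above, plus the sender-domain check, over two constructed sample messages modelled on the ‘New login from unknown device’ lure; the brand domain, sample text and function names are assumptions for the example.

```python
import re
from urllib.parse import urlparse

EXPECTED_DOMAIN = "paypal.com"  # domain of the brand the message claims to come from (assumption)
# Constructed samples modelled on the 'New login from unknown device' lure; not real messages.
PHISH = {
    "from": "service@paypa1-secure.example",
    "body": "New login from unknown device using chrome. Please login to your account your account is limited.",
    "links": ["http://paypal.com.verify-account.example/signin"],
}
GENUINE = {
    "from": "service@paypal.com",
    "body": "New login from an unknown device using Google Chrome. Please log in to your account to confirm it was you.",
    "links": ["https://www.paypal.com/signin"],
}

def lowercase_brand_names(text):
    """Proper nouns written in lower case, e.g. 'chrome' instead of 'Google Chrome'."""
    return re.findall(r"\b(chrome|paypal|windows|android|safari)\b", text)

def careless_repetition(text):
    """A word or two-word phrase repeated back to back ('your account your account')."""
    return re.findall(r"\b((?:\w+ \w+)|\w+) \1\b", text, flags=re.IGNORECASE)

def login_verb_misuse(text):
    """The noun 'login' used where the verb 'log in' belongs ('please login to ...')."""
    return re.findall(r"\b(?:please|to|must|should)\s+login\b", text, flags=re.IGNORECASE)

def registrable_domain(host):
    # Simplification: last two labels; a real check needs the public suffix list (co.uk etc.).
    return ".".join(host.lower().split(".")[-2:])

def suspicious_links(links, expected=EXPECTED_DOMAIN):
    """Links whose registrable domain is not the brand's, even when the host starts with it."""
    return [u for u in links if registrable_domain(urlparse(u).hostname or "") != expected]

def triage(email):
    """Run the checks; a finding is empty or False when that check raises no red flag."""
    sender_domain = email["from"].rsplit("@", 1)[-1]
    return {
        "lowercase_brand_names": lowercase_brand_names(email["body"]),
        "careless_repetition": careless_repetition(email["body"]),
        "login_verb_misuse": login_verb_misuse(email["body"]),
        "sender_mismatch": registrable_domain(sender_domain) != EXPECTED_DOMAIN,
        "suspicious_links": suspicious_links(email["links"]),
    }

def is_suspicious(email):
    return any(triage(email).values())
```

The link check deliberately looks at the registrable domain rather than the start of the host, because a lookalike such as `paypal.com.verify-account.example` passes a naive ‘starts with paypal.com’ test.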

Where the PayPal phishing scam e-mails take you

If you or your employees fall for a scam e-mail at home or in the office, you’ll likely click the link provided and be redirected to a bogus website that looks like the genuine PayPal site.

To prove that scammers are getting more sophisticated, they may at this point add a captcha function (such as ‘Click on all the photos that include a car’). This is designed to give the illusion that the page you’re about to enter is secure.

Likewise, the web address may well have a green padlock next to it, which many people take as an assurance that they’re on a legitimate site. Unfortunately, this symbol only signifies that the site has an SSL certificate, which means the information shared between your computer and the website is encrypted.

This protects the scammers, not you, as it ensures that other criminal hackers can’t hijack the connection to steal information as you enter it. However, that level of security offers no protection to you if the website itself is fraudulent.

Taking the PayPal phishing scams to the next level

Once on the scam site, you’ll be asked to log back in to your account. This is where most phishing scams end because the criminal now has your login details, which they’ll use to access your account, change your password and reset the account’s associated email address to permanently lock you out.

But this is also when a scam can go into overdrive because the crooks think that if you’ve fallen for it and provided the information you have, why wouldn’t you give a little more?

At that point, therefore, you could be presented with a series of screens asking you to confirm other personal details, including billing address, payment card details and so on.

If you comply with these requests you’ll have handed the scammers a bounty of personal information that can be used to conduct a variety of fraudulent activities, especially:

  • Undertaking payment card fraud, either making purchases from your account or transferring funds from your account into another owned by them.
  • Selling the information on the dark web to other cybercriminals which is a less lucrative but safer route, as they avoid the risk of being caught performing other illegal activities.

Why PayPal phishing scams on social media continue to surge

While PayPal phishing scams will be a major concern to many of our small and medium-sized clients in London who use that payment platform, phishing scams continue to surge across social media, too – which are also used by most businesses these days.

Most industry experts believe that the spike in phishing attacks on WhatsApp is the result of a campaign inviting recipients to the so-called Berbagi WhatsApp group, which advertises pornographic content. Our guess is that this won’t trouble the work of most of our business clients, but it is a reminder that you should be careful when using any social media platform.

One common-sense explanation for Facebook’s consistent popularity with phishing scammers could be the rise of social sign-on using Facebook Login, examples of which you’ll probably have seen. The issue here is that once scammers have your Facebook credentials, they can see which other apps you’ve authorised via social sign-on, and then compromise those accounts. Cybercriminals may then harvest your credentials and attempt to reuse your passwords to break into other online services. The problem is that many of us use the same passwords across many accounts, so it’s not hard to see the logic behind the criminals’ thinking here.

Friday has become the busiest day for phishing scams

Recent research has highlighted the fact that Friday is the top day globally for phishing attacks, especially amongst consumer-oriented brands, from PayPal and Facebook to financial services organisations like banks.

We tend to use these services more at the end of the week and are also more relaxed and less alert to suspicious activities on a Friday, which means we play right into the scammers’ hands.

Interestingly, while Saturday and Sunday are the least common days for phishing attacks, cybercriminals are gradually sending more campaigns out at the weekends, perhaps because we are all more likely to let our guard down at that time.

How to stay scam-safe

Phishing attacks are ever-evolving and the cybercriminals behind them are becoming ever more sophisticated.

The best defence you, your team and your business have is to stay alert, be aware of the phishing scams out there and DO NOT click on, open or download anything that looks remotely suspicious.

As we say here in the UK, although not so much in London, ‘If in doubt, do nowt!’

So stop, check and be sure to keep your business, IT infrastructure, IP, data and confidential client information safe and secure.

Your employees need to be properly trained and prepared to protect your enterprise, because it’s not just your security that’s at stake but your entire operation.

If you’d like to know more about protecting your business against phishing attacks or other online risks and threats, please don’t hesitate to call the five-star, award-winning, go-to IT support team for London, totality services. We’re highly experienced experts in cyber security, and are always happy to help you with a confidential, no-obligation chat.