14 DAY TRIAL // Cybercriminals are sending out PayPal emails entitled something like “You submitted an order amounting of 59.99 GBP to Asda Stores Limited” in an effort to trick users into handing over their credentials and other sensitive information.
The emails identified by Hoax Slayer read something like this:
“Thanks for using PayPal. Please note that this is not a charge. Your account will be charged when the merchant processes your payment. You may receive multiple emails as the merchant processes your order.
Your funds will be transferred when the merchant processes your payment. Any money in your PayPal account at that time will be used before any other payment source. View the details of this transaction online.”
The name of the company might be different in other emails, but if you come across something similar in your inbox, act with caution.
If you click on the link and you are taken to a website that resembles the PayPal login page, make sure that you’re on paypal.com and not some other domain before entering your username and password. Also, make sure that the page you’re on is protected by an HTTPS connection.
Users who fall for the scam and enter their credentials on the fake PayPal page are taken to a second phishing webpage where they’re asked for additional personal and financial information.
Once the information is handed over to the crooks, the victims is taken to the genuine PayPal website, most likely in an effort to avoid raising suspicion.
If someone has truly made unauthorized payments on your behalf, you can view the details of the transaction by logging in to your account. However, don’t log in by clicking on a link contained in an unsolicited email. Instead, type the website’s URL in the web browser yourself to make sure you’re on the right domain.
Also, some pieces of malware might inject phishing pages when you visit such websites. In this case, remember that payment processors and banks will never ask you to hand over information such as passwords, PINs and credit card details.