PayPal Phishing Scam

[Jacko]

Guys, just a warning for all you PayPal users out there. Likelehood that none of us will get this anyway, but rather tell you all anyway. Obviously realise most if not all, this is common sense anyway.....

 

This looks more US based at the moment, but could be duplicated here.

 

New phishing scam uncovered

Tricksters target PayPal users with email and phone ruse

 

A new phishing email is targeting PayPal users trying to trick them into calling a phone number and revealing their credit card information.

 

Security company Sophos says the email purports to come from PayPal and claims the recipient’s account has been the subject of fraudulent activity.

 

Unlike normal phishing scams, there is no internet link or response address, but instead a prompt to call a phone number and verify their details.

 

When dialled, users are greeted by an automated voice saying: ‘Welcome to account verification. Please type your 16 digits card number.'

 

If victims fall for the ruse, the scammer can steal the information and go on a spending spree. To appear legitimate, users are asked to re-enter their details if incorrect details are given.

 

Although the telephone number is American, Graham Cluley, senior technology consultant at Sophos says the fact that PayPal is global means people are more likely to be tricked.

 

‘This scam underlines a real problem for online companies in how they communicate with their customers. Many users are beginning to learn not to click on links in unsolicited emails, and only visit legitimate web sites, but how many would know whether a phone number for a web site is genuine or not,' said Cluley.

 

He says it’s the first time a scam of this nature has targeted PayPal, but says it has been used to try and trick customers of some large American banks.

 

‘It it taking it to a new scale in the number of people it tries to trick because PayPal is global,' he said.

 

He says this type of attack is likely to escalate with hackers ‘harvesting’ messages from corporate switchboard systems to sound even more like the legitimate company.

 

‘Phishers are changing their tactics. With voice over IP, they can set up a fake company switchboard on a computer,' he warned.

 

‘The problem is that users know the url of their favourite websites, but they don’t easily know their telephone numbers,' he said.

 

Cluley says online companies can improve the security of communication with their customers through increasing use of private messages.

 

‘If a customer is told via email that there is a message waiting for them and they have to log in to the site to get it, there is less scope for scams,' he said.

[leebar]

Hi All,

 

Phishing is a major issue in the UK, affecting not only PayPal but high street banks as well.

 

Recomendation is that if you recieve a mail from any financial institution asking you to "click to update your details" delete the email without action, do not click or even unsubscribe if an option (unsubscribe just validates that yours is a genuine email address). If you are concerned that the email may be real, go to your normal site by typing the full address into a browser or call them to confirm.

 

Not syaing this is a full guide but I'm an ex-banker and now work in online advertising and get spammed/phished on a fairly regular basis, but managed to avoid any cash going walkies.

 

Cheers

[mike@mjpauto]

Worldpay are also currently experiencing fake e-mails in the UK suggesting that a transaction on your account has been subject to send-back - usual link to click etc. Giveaway is that the link is for uk.worldpay.

The official WorldPay site has a small banner at the top of the home page with warning and more details.