Cybercriminals work day and night to create more effective ways of portraying themselves to be someone they’re not in the effort to steal confidential information over the internet. The latest phishing scam targeting PayPal users has seen the use of government emails in order to bypass junk and spam folders and make its way directly into user inboxes. The end goal for these cybercriminals is to retrieve customer information to either sell on the dark web or to use for further fraudulent activity.
Users are receiving emails from what appears to be the Irish government under the email address ‘firstname.lastname@example.org’. Shown in the image supplied by Hackread, once opened the users are prompted with the message “Your Account Will be Limited, Until We Here From You . To Update Your Info . Simply click on the web address below”. Customers who click the link are taken to an Identical Paypal Login page and are asked to input their username and password. From there the victims are directed to an update details page where information such as name, address, phone number and payment details are filled in, in order to regain access to what they believe is their limited account. Upon completion, the confidential info will be sent directly to the scammer behind the email.
Not only does this give the perpetrators access to the victims Paypal accounts and the funds within, enough personal information is also collected for cyber criminals to then create a completely false Alias on the internet in order to continue fraudulent activity with out being caught. If one was to carefully read the content of the email, the several spelling mistakes can be seen, obviously throwing up a red flag for some kind of scam. These mistakes include the use of capital letters for almost every word, ‘Hear’ instead of ‘hear’ among a few others. However, if one was to rush through such email it is definitely possible to miss these mistakes due to the extreme similarity and therefore become victim to such scams. It is always best to read emails thoroughly and if login is required, visit the website directly rather than through an email link.
Source: Hackread, myonlinesecurity
Image : Paypal