Scammers are ramping up their efforts to catch you out with their phishing emails – and the latest PayPal imitation scam email is frighteningly realistic.
This week a friend received one of the most convincing PayPal imitation scam emails we’ve seen.
From the email and sign-in page to the personal detail form, it features a well-thought-out user journey.
How it works
It starts with the email, which looks like a receipt confirmation and cleverly guides you to click on a link to dispute a transaction. You won’t recognise the name the transaction shows because it’s fake and has been made up by the scammer.
Once you’ve landed on the sign-in page, you’re guided to type in your email and password.
In all likelihood, if you make it this far without any suspicions, you’ll type in a genuine email address and password. This information would then belong to the scammer and enable them to access your real account.
Even if you make a slight mistake with your email and password, you’ll still progress to the personal detail form, as we’ve found that all the form needs is an ‘@’ sign somewhere in the email address field.
On the Personal Information Profile page, it asks you to enter your personal information to verify your identity.
Not only are you told to enter in your billing address and card details, you’re also asked to enter in your mother’s maiden name, branch code and account number for ‘verification’ purposes.
This is an extensive and thorough attempt to capture as much financial information about you as possible, so accessing your account is easier for the scammers.
What should you do?
You should always be wary when asked to part with this much information and report a scam to the internet service provider as well as the company it’s pretending to be.
If you think you’ve received a suspicious email purporting to be from PayPal or have been directed to a fake website, forward it to firstname.lastname@example.org and it will investigate it. PayPal advises that you then delete it from your inbox.
If you clicked on any links or downloaded any attachments within the suspicious email or website, you should also log into your account, view your transactions and change your password.
If you think you may have given a fraudster your bank details, contact your bank as soon as possible.
If you’ve already noticed unauthorised transactions taking place, read our guidance on how to get your money back after a PayPal imitation scam and use our free letter template to write to your bank.
Extra details to look out for
When a scam becomes more sophisticated and the usual tell-tale signs of bad spelling and grammar aren’t there, you can examine the details of the email and landing pages more closely for some clues.
- The design: For the more regular PayPal users among us, you’ll notice that the design of this imitation scam email is now out of date. PayPal upgraded its look and feel early last year, leaving behind the design matching this scam.
- The date: The more eagle-eyed might also glance at the copyright date at the bottom of the log-in page and the personal detail form and notice they aren’t updated to include 2017.
- The landing page URL: The landing page web address didn’t match that of PayPal. Always check the URL against the real site if you’re unsure.
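The URL check in the last point comes down to comparing the host the browser will actually connect to with the real site's domain, not looking for the brand name somewhere in the address. The sketch below is an added example, not part of the original article; the trusted-domain list and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the domain the genuine service uses for its sign-in pages.
TRUSTED_DOMAINS = {"paypal.com"}


def link_host(url):
    """Return the lower-cased host a browser would actually connect to."""
    host = urlsplit(url.strip()).hostname  # drops 'user@' prefix and port
    return host.rstrip(".").lower() if host else None


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', or a string explaining why the link is suspicious."""
    parts = urlsplit(url.strip())
    host = link_host(url)
    if parts.scheme != "https" or host is None:
        return "suspicious: not an https web address"
    if "@" in parts.netloc:
        # Everything before '@' is ignored when connecting; it is only bait.
        return "suspicious: real host is %s, text before '@' is decoration" % host
    if host.startswith("xn--") or ".xn--" in host:
        return "suspicious: punycode host, may use lookalike characters"
    for domain in trusted:
        # Exact match or a true subdomain; 'paypal.com.example.net' fails.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    return "suspicious: host %s is not under a trusted domain" % host


if __name__ == "__main__":
    # Constructed sample links; example.net is a reserved documentation domain.
    samples = [
        "https://www.paypal.com/signin",
        "https://www.paypal.com.signin.example.net/",
        "https://www.paypal.com@login.example.net/signin",
        "http://www.paypal.com/signin",
    ]
    for link in samples:
        print(link, "->", check_link(link))
```

Only the first sample is accepted: the second and third contain the brand name but resolve to a different host, and the fourth is not served over https.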
PayPal has also published guidance on what its users should look out for more generally when it comes to spotting scam emails.
Did you receive the same email? What did you do about it? And what do you usually check for if you think you’ve received a scam email?