PayPal phishing scams are becoming even more sophisticated

30th July 2018

Not a day goes by in the office without one or more phishing scams arriving in the inbox. These are ones that have got past our pretty stringent spam filtering in the first place, so to make it this far makes them worthy of mention.

Just this morning we had two purporting to be from Dropbox and asking me to ‘log in and verify my credentials’…. Sounds perfectly legitimate. Not.

In short, we are used to them and deal with them accordingly.

But what about the general public? What about when these emails intrude upon their lives and demand instant attention?

This latest spate of emails is getting better, not least because they are removing the one obvious way you used to be able to tell it is a scam.

Previously, all you needed to do was hover over the link in the email (not click on it!) and it would show you whether it was taking you back to paypal.com or to some random website clearly nothing to do with PayPal.

In this latest iteration, they have started to use bit.ly links, which are a simple way of shortening long links to make them easier to use. From their website, they say:

“Bitly allows you to easily shorten, share, manage, and analyze your favorite links from around the web.

After you sign up for a free account, you will see the option to “Create Bitlink” at the top of the page. Once you shorten a link, you can customize and share your link across social channels, email, SMS, print, or anywhere else you can think to put a link!”

The problem with this is that you can’t tell for certain that it isn’t PayPal. Except that you can. You and I may understand that PayPal would never use bit.ly links in their emails, but members of the public are simply not that clued up.


If you are unsure of whether the email is a scam or real, here are our top 5 things to look for:

  • What does the ‘to’ email address look like? Reputable organisations use their own domain name in it i.e. support@paypal.com rather than xsPbnGx904Hdi30DF4lt.accept.xsPbnGx904Hdi30DF4lt.ebay@intl.xsPbnGx904Hdi30DF4lt-xsPbnGx904Hdi30DF4lt.appleid.icloud.com (yes this really was the one they sent this morning)
  • Do the headline and body copy make sense? And by this, we mean real sense, plain English, not some garbled version of English. Often, many of these scams originate overseas and this is evident in the way they phrase their English.
  • The random introduction of another language – often near the bottom of the email, if you suddenly see Spanish, German or French then it is likely to be a scam.
  • Do they address you by your first name? Scammers rarely know your first name and will probably use your email address instead; this is a giveaway.
  • Does the footer of the email offer the chance to unsubscribe or change your preferences? GDPR rules now demand that this is in place but scammers don’t know this and certainly don’t care about it either.
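
The sender-domain check from the first bullet and the bit.ly problem described earlier can be automated. The following is an added example, not part of the original post; the shortener list, the use of the `From` header as the address inspected, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: the brand the mail claims to be from, and a small,
# non-exhaustive set of link-shortener hosts.
BRAND_DOMAIN = "paypal.com"
SHORTENERS = {"bit.ly", "bitly.com", "tinyurl.com", "t.co", "goo.gl"}

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def host_matches(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_email(raw):
    """Return findings for the sender-domain and link checks."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not host_matches(sender_host, BRAND_DOMAIN):
        findings.append(f"sender domain is {sender_host}, not {BRAND_DOMAIN}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href in parser.hrefs:
        host = urlparse(href).hostname or ""
        if host in SHORTENERS:
            findings.append(f"shortened link hides destination: {href}")
        elif not host_matches(host, BRAND_DOMAIN):
            findings.append(f"link leaves {BRAND_DOMAIN}: {href}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """From: PayPal <service@paypal.com.account-check.example>
Subject: Your account is limited

<p><a href="https://bit.ly/EXAMPLE">Log in to PayPal</a></p>
<p><a href="https://www.paypal.com/help">Help</a></p>
"""
```

Calling `check_email(SAMPLE)` returns two findings: the sender domain merely starts with `paypal.com` rather than ending in it, and the bit.ly link cannot be judged by hovering, while the genuine `www.paypal.com` link passes.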

As these emails get better and better, the chances of you clicking on something malicious increase dramatically. Prudence, therefore, suggests that at the very least you need to invest in some anti-malware protection and, as a member of the general public, some anti-virus software. As a business, though, you really should have anti-ransomware installed.

Because if you are hacked, how much would you pay to release your data?