Its the joyous season and with so many people shopping furiously for gifts, the email scammers are online to fish a little for themselves. Scammers know that online buyers potentially may use “PayPal” one of the most popular products to pay for purchases and have devised ways to entice the unwary into their traps.
- First there scammers pick an audience..In this case “PayPal” users.
2. Scammers then setup an elaborate site replicating a lot of what users see when login into the real “PayPal” site. (Similar, but not perfect)
3. Scammers send the bulk email to large numbers of addresses hoping someone will click and enter their details into the fake site where the scammers collect data , login details, credit card numbers, license numbers and that really important number that everyone wants to verify you with, your date of birth.
So here is how it starts.
A new PayPal email Scam out now, just in time for Christmas. This is actually” Hot off the Press” and straight out of my own email client today.
The new eMail scam is arriving in your inboxes, alerting you to an issue with your PayPal account that needs resolving. It is pretty clear that these scammers have been working at length to setup an elaborate webpage to entice persons to login with their credentials.
First of all you will receive the email which will require you to click on a lick and enter some sensitive information..
Pictured below is the content of the email and you can see the addresses from which it originates.
You will notice the email originates from vww12-paypal.zendesk.com and when you look further into this it would seem that these scammers have setup an account through zen desk.com so as to facilitate their attack.
If you go further and click onto the link you will be prompted with a login screen.
Looks pretty legitimate other than the address which you are about to log into is some long bunch of junk followed by lawcolonel.com without any security certificate.
Always check certificates and security labels of websites, especially website you are about to log into.
If you continue and login you will see the following.
I suggest you do this with fake credentials, (It will work and let you in, scammers don’t know the real credentials anyway)
Note the address of the website you are logging into.
They want all your details, including security questions, phone numbers, credit card details, and license details. You would think at this stage that if this were the real “PayPal” some of the details would already be there???
The message is :- You must always scrutinise email, no matter who they come from.
And enable “Two Factor Authentication” for all critical sites, Banks, PayPal, etc. SMS alerts etc.
Remember the real “PayPal” links appear as below and never refer to zendesk or any other domain names.
All the best,