It’s not your typical email phishing scam, but then cybercriminals are always looking for new ways to swindle us. We’ve seen many warnings about PayPal scams lately, and this PayPal “No-Phish” email phishing attack is yet another one. It is also rampant. Scammers are tricking PayPal users into handing over their accounts thanks to this highly sophisticated phishing scheme.
The typical phishing giveaways we’ve come to expect don’t apply to this clever campaign. Bad grammar and spelling are gone, as are suspicious low-quality graphics. The URL links also pass the spelling test. The way this no-phish phish is constructed, it also gets past typical phishing detection software. Put all of these elements together and it’s easy to see why this phishing attack works so well.
The No-Phish Phishing Scam
This phishing attack starts with an email to a target showing a payment request was generated by their PayPal account. The email passes all the phishing tests so the victim sees no reason to doubt the payment request—and neither does PayPal.
Opening the link, the victim logs into their account to pay the invoice. Thanks to the stealthy phishing setup, they’re unknowingly handing over their PayPal account to the scammer. Unfortunately, what happens after that is up to the criminal, and that’s never a good thing.
How to Avoid Taking the Bait
Using common sense and a few cyber-smart tips can keep your money and your PayPal account safer. Most importantly, never pay invoices or send payments if you’re not expecting a bill, especially if you don’t know the sender. It’s the best way to stop this phishing scam in its tracks.
Also, never respond to a suspicious email, especially with any personal information. If you’ve already sent that information or clicked a questionable link, immediately change your password and contact the company that holds the account as well as your financial institution. Don’t forget to use two-factor authentication (2FA) and other personal verification methods whenever possible.
Staying safe online is our own responsibility. That’s why using our Spidey-sense and helpful tips can keep us out of the phish tank and our funds and personal information safe.