PayPal Phishing Scam Nets Over £1m

This month we’ve been focussing on the cyber criminal tactic, phishing.

More often than not, cyber criminals mimic real organisations’ emails in an attempt to con users out of personal and financial information.

PayPal is marketed as the safe way to transfer money and pay for goods. However, this safety net can be quickly pulled from underneath you.

Between October and December 2019, people made 3,059 reports of fake ‘phishing’ PayPal emails to Action Fraud, with a total loss of £1,121,446. The main victims fell under the online marketplace category (for example eBay), where they had been selling goods to people.

Fraudsters pretend to be ‘PayPal’ and send emails to victims informing them that payment has been received for the item they’re selling. This email is quickly followed by another requesting a tracking number, all with the aim of rushing the victim into shipping the item before they have had a chance to verify the payment.

According to the ‘Phishers’ Favourites’ report for Q4 2019, Vade Secure found that PayPal was the brand most impersonated by cyber criminals for the second consecutive quarter, followed by Facebook and Microsoft.

Adrien Gendre, Chief Solution Architect at Vade Secure, said:

“When it comes to phishing in particular and cyber attacks in general, change is the only constant.

“Threats are evolving rapidly and they are becoming more and more credible to end users. This underscores the need for a comprehensive approach to email security combining threat detection, post-delivery remediation and on-the-fly user training as the last line of defence.”

Pauline Smith, Director of Action Fraud, said:

“We know that fraudsters will go to great lengths to target people on online marketplaces, which is why we are working hard together with our partners to highlight the threat and prevent people from falling victim.

“It is really important to follow our advice to help protect yourself and always trust your instincts – criminals will try and make unusual behaviour, like asking for a tracking number before you have sent the item, seem like a legitimate request.

“If you think you have been a victim of fraud, report it to us.”

A spokesperson for eBay said:

“Millions of buyers and sellers use our marketplace safely each day around the world. eBay takes privacy and security extremely seriously, which is why we continually invest heavily in measures to protect users around the clock. We also work closely with law enforcement agencies and regulatory bodies.

“Fraudsters use very sophisticated methods to try and circumvent trusted website security and we continuously enhance and update our security infrastructure to tackle new fraud trends. We encourage all members to take precautions that will improve the level of security protection on their accounts.

“Don’t get caught by fake payment emails and always confirm you’ve received a PayPal payment before sending an item – check your PayPal account and ensure the payment icon in your My eBay is highlighted.”

PayPal offer the following advice:

At PayPal we go to great lengths to protect our customers in the UK, but there are still a few simple precautions we should all take to avoid scams. Our top tips to avoid getting caught out include:

  • Log into PayPal: If you receive a suspicious email, don’t act on the message or click on any links. Instead, open your browser, log into PayPal and check for any new activity. PayPal will also email or notify you in the app if you’ve received any payments.
  • Check the basics: Look out for misspellings and grammatical errors, which can be a tell-tale sign of a scam.
  • Verify an email’s authenticity: Phishing scams will often mimic the look and feel of PayPal emails, and ask you for sensitive information – something that real PayPal emails will never do.
  • How to spot the difference: A PayPal email will address you by your first and last name, or your business name, and we will never ask you for your full password, bank account, or credit card details in a message.
  • Avoid following links: If you receive an email you think is suspicious, do not click on any links or download any attachments. You can check where a link is going before you click on it by hovering over it – does it look legitimate?
  • Keep tabs on your information: Limit the number of places where you store your payment information online by using a secure digital wallet like PayPal. If you are making a purchase online, consider using a protected payment method such as PayPal, so if your purchase doesn’t arrive or match the product description, PayPal can reimburse you.
  • Easiest of all, use common sense: If a deal seems too good to be true, it probably is! Stay clear of exceptional deals or anything that is significantly reduced in price from what you would expect to pay.

If you think that you’ve received a phishing email, you can forward it to [email protected], without changing the subject line. PayPal will let you know whether it is fraudulent.

If you have been a victim of fraud or cyber crime, report it to Action Fraud online or by calling 0300 123 2040.
