Be careful if you receive an email from PayPal! Hackers pretend to be the payment service in order to steal your credentials, and thus access your account as they see fit. Don’t fall into the trap!
In principle, going through a third-party payment system like PayPal guarantees never exposing your banking data (account number, IBAN, bank card number, etc.). And it is precisely this security that reassures users of this solution during their Internet transactions. No wonder the payment platform is so popular! But this popularity makes it a prime target for cybercriminals, who see it as a veritable gold mine of data just waiting to be stolen. Also, users are regularly victims of phishing, cyberattacks and scam attempts. Therefore, we recommend that you always be wary when you receive an email or text message purporting to be from PayPal. A phishing campaign is also underway, and suffice to say that it risks causing quite a few victims!
PayPal scam: a deceptive email to steal your credentials
The first sign that should alert you is the sender’s address, which is a bogus Gmail address. But some people may not pay attention to it, reassured by the content of the message, which uses exactly the same graphic charter as PayPal, for a most convincing rendering. The message uses a classic social engineering technique, announcing that a fairly substantial payment authorization is in progress. “You have authorized a payment of € 120.99 EUR at Xroom”, can we read for example in an e-mail. The goal is to create a sense of panic and urgency to prevent you from thinking straight and gaining perspective. Obviously, like any good phishing attempt, the message contains a suspicious link, supposed to direct you to the transaction link. Surprise: this is indeed a legitimate link, which redirects you to a real PayPal login page, and not to a fake version of the site. Reassured, you let your guard down. And that’s where the trap closes. You are prompted to click a cancel transaction button, which actually redirects you to a phishing page. Above, you will enter your PayPal credentials, which will instantly deliver you to hackers.
PayPal phishing attempt (@PayPalFrance), very well done.
The email is sent to the usual PayPal account address. As mine is connected to a CB powered on demand, I know that the email is fake. But I unfold to see pic.twitter.com/zJXbA2D601— Alexandre Lenoir (@alex_lenoir) February 15, 2024
Also, be wary of emails supposedly coming from PayPal but sent from a Gmail address or other email services, informing you of receipt of payment via PayPal, or asking you to send a tracking number to PayPal to retrieve your money. If any of the above situations arise for you – and PayPal itself says so – end the communication immediately. To ensure that you have received your payment in the event that you make sales on classified ad sites (Leboncoin, eBay, Vinted…), always check your “Activity” section of your personal account. If the payment does not appear in your PayPal account, do not ship the item. If you have already shipped it, contact the shipping company as soon as possible to stop the delivery. If you ever come across a suspicious email or site, you should send it to [email protected].