Since the pandemic hit, much more of our life has taken place online and many of us have turned to online shopping. Unfortunately, this has also increased cybercrime, with criminals stepping up their efforts to target online shoppers with phishing attacks.
What is phishing?
Phishing is an illegal attempt to “fish” for your private and sensitive data such as usernames, passwords and credit card details. Similarly, smishing is when a scammer, with the same intention, sends a text containing a fake phone number or URL to your phone number on any platform. One of the most common phishing and smishing scams involves sending an email or text that fraudulently claims to be from a well-known company, like PayPal. These often link to fake websites (that look real!) where your information can be collected if you type it in.
At PayPal we go to great lengths to protect our customers. However, there are precautions we should all take to avoid falling victim to phishing scams. Here are our top ten tips on how to better recognise dubious emails, texts and websites, and keep your personal data protected:
- Check the basics: Look out for spelling mistakes and grammatical errors, which are a common tell-tale sign of a fraudulent message.
- Verify its authenticity: Phishing scams often mimic the look and feel of PayPal emails or texts and ask you for sensitive information – something that we will never do. At PayPal, we will always address you by your full name.
- False sense of urgency? Be wary of communications that conjure a sense of urgency; many phishing scams tell you that your account will be in jeopardy if something critical is not updated right away.
- Spot the difference: A genuine PayPal message will only ever address you by your full name, or your business name – anything that starts differently should immediately raise your suspicions. Be wary of impersonal greetings like “Dear User” or your email address.
- Beware attachments: A real email from PayPal will never include attachments. You should never open an attachment unless you are 100% sure it’s legitimate, because they can contain spyware or viruses.
- Log into PayPal: If you receive a suspicious email or text claiming to be from PayPal, don’t act on the message, don’t click on any links and, if it is a text, don’t call the number it was sent from. Instead, open your browser, log into PayPal and check for any new activity. If we do need you to take any action, you will have a secure message waiting within your PayPal account.
- Avoid following links: If you receive an email or text you think is suspicious, do not click on any links. When on your desktop, you can check where a link is going before you click on it by hovering over it – does it look legitimate?
- Keep tabs on your information: Limit the number of places where you store your payment information online by using a secure digital wallet like PayPal. If you make a purchase online with PayPal and your item doesn’t arrive or match the product description – we may be able to reimburse you through our Buyer Protection.
- Easiest of all, use common sense: If a deal looks too good to be true – it probably is! Steer clear of clicking on links to exceptional offers or anything that is significantly reduced in price from what you would expect to pay.
- Report it: If you think that you’ve received a phishing email, you can forward it to email@example.com without changing the subject line. We’ll look into it and let you know if it is indeed fraudulent. If you think you’ve received a spam text, forward it to ‘7726’.
To forward an SMS message or an iMessage on an iPhone, touch and hold the message bubble that you want to forward, then tap 'More'. Then tap the forward symbol and enter the number 7726.
For Android devices, simply tap and hold one of the text messages that you want to forward. When a menu pops up, tap on 'Forward/Forward Message' and enter the number 7726.
For other messaging platforms, just block the sender, disregard the message and delete it.
Find out more about how to help us combat fraud by reporting suspicious emails, websites, and texts on our website here. You can also report phishing emails to the Suspicious Email Reporting Service of the National Cyber Security Centre at firstname.lastname@example.org. See more information on the National Cyber Security Centre’s Phishing information page here.
Remember – the best protection against phishing attacks is to exercise caution and think twice before you click. Follow our top ten tips to protect yourself and your data, and don’t get caught out.