Since the pandemic hit, much more of our life has taken place online and many of us have turned to online shopping, particularly in the run up to the festive season. Unfortunately, this has also increased cybercrime, with criminals stepping up their efforts to target online shoppers with phishing attacks.
What is phishing?
Phishing is an illegal attempt to “fish” for your private and sensitive data such as usernames, passwords and credit card details. One of the most common phishing scams involves sending an email or text that fraudulently claims to be from a well-known company, like PayPal. These often link to fake websites (that look real!) where your information can be collected if you type it.
At PayPal we go to great lengths to protect our customers. However, there are precautions we should all take to avoid falling victim to phishing scams. Here are our top ten tips on how to better recognise dubious emails and websites, and keep your personal data protected:
- Check the basics: Look out for spelling mistakes and grammatical errors, which are a common tell-tale sign of a fraudulent message.
- Verify its authenticity: Phishing scams often mimic the look and feel of PayPal emails and ask you for sensitive information – something that we will never do. At PayPal, we will always address you by your full name.
- False sense of urgency? Be wary of communications that conjure a sense of urgency; many phishing scams tell you that your account will be in jeopardy if something critical is not updated right away.
- Spot the difference: A genuine PayPal email will only ever address you by your full name, or your business name – anything that starts differently should immediately raise your suspicions. Be wary of impersonal greetings like “Dear User” or your email address.
- Beware attachments: A real email from PayPal will also never include attachments. You should never open an attachment unless you are 100% sure it’s legitimate, because they can contain spyware or viruses.
- Log into PayPal: If you receive a suspicious email claiming to be from PayPal, don’t act on the message or click on any links. Instead, open your browser, log into PayPal and check for any new activity. If we do need you to take any action – you will have a secure message waiting within your PayPal account.
- Avoid following links: If you receive an email you think is suspicious, do not click on any links. You can check where a link is going before you click on it by hovering over it – does it look legitimate?
- Keep tabs on your information: Limit the number of places where you store your payment information online by using a secure digital wallet like PayPal. If you make a purchase online with PayPal and your item doesn’t arrive or match the product description – we may be able to reimburse you through our Buyer Protection.
- Easiest of all, use common sense: If a deal looks too good to be true – it probably is! Steer clear of clicking on links to exceptional offers or anything that is significantly reduced in price from what you would expect to pay.
- Report it: If you think that you’ve received a phishing email, you can forward it to firstname.lastname@example.org without changing the subject line. Make sure to delete the suspicious email from your inbox. We’ll look into it and let you know if it is indeed fraudulent.
Find out more about how to help us combat fraud by reporting suspicious emails, websites and SMS messages on our website here. You can also report phishing emails to the Suspicious Email Reporting Service of the National Cyber Security Centre at email@example.com. See more information on the National Cyber Security Centre’s Phishing information page here.
Remember – the best protection against phishing attacks is to exercise caution and think twice before you click. Follow our top ten tips to protect yourself and your data, and don’t get caught out.