A PayPal Phishing Scam
By SecureMac.com
Imagine this: You get a PayPal invoice charging you for something that you didn’t buy. The invoice actually comes from PayPal.com — you checked the email headers as you always do. There’s a number on the invoice that you can call if there’s any issue.
Do you call the number?
If you said “yes,” you wouldn’t be the only one — but you would be opening yourself up to a scam.
According to a new report from KrebsOnSecurity, “scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge.” If you call, you end up talking to a scammer. The bad guy then tries to get you to go to a website that distributes malware.
It’s not clear exactly how the scammers were able to send an invoice using PayPal’s tools. Krebs speculates that it was a compromised or fraudulent PayPal business account. However, this is a good example of why we recommend not replying to random emails that come to your email account — or calling the “customer service numbers” often included in such emails.
To be safe, look up the relevant contact information yourself and reach out to investigate the alleged issue. In this case, you’d want to contact PayPal directly to complain about an incorrect invoice!
Image credit: Muhammad Asyfaul, Unsplash
