Security Tip of the Week – Smishing with PayPal

The message states “PayPal: We’ve permanently limited your account, please click link below to verify.” If you click on the link provided, you are taken to a PayPal look-alike page and asked to log in.

Bad actors take this scam one step further. If you enter your login credentials on their phony page, you’ll be taken to a second page that asks for your name, address, and bank account details. Everything entered on these pages will be sent directly to the bad guys.

While this is an advanced attack, you can still stay safe by practicing the tips below:

  • Check for poor grammar in supposedly official messages. Did you catch the grammatical error in the example above? It asks you to “click link below” instead of “click the link below”.
  • Question the situation. For example, did you give PayPal your mobile number? And did you ever sign up to receive text notifications?
  • Never trust a link in a text message that you were not expecting. If you think the notification could be legitimate, navigate to the official website and log in there.

Stop, Look, and Think. Don’t be fooled.


KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.


DISCLAIMER: Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.
