What’s Phishing? Don’t Let Cybercriminals Reel You In
Keeping your online accounts secure is more important than ever: A growing number of fraudsters are trying to steal your information, such as passwords and personal banking details, using a method known as phishing, in which they impersonate a business through emails and fake websites.
In fact, at PayPal we receive close to 15,000 phishing reports each day from around the world.
Fraudsters often try and trick you into handing over your account password or personal information, typically using email, and then use what you give them to compromise your account.
“Scammers can impersonate you online, steal money from your bank account, and use your online identity to perpetuate their scams on others,” said Rahul Shinghal, General Manager, Southeast Asia, PayPal.
Online security is a full-contact sport, and it takes a team to keep your account secure.
PayPal defends against 150 major attack campaigns every day, and works constantly with its industry partners to help eradicate fraudulent phishing websites. As a customerthere are some things you can do to help keep your account secure, too.
Who sent that email?
When you get an email from someone asking for personal information, look at the address. Fraudsters will often try and make it seem as if a message is coming from a company like PayPal, but something is always a little off.
“Look for red flags such as poor grammar or spelling, and URLs and domains that don’t match the sender,” Shinghal said. For instance, if there’s a PayPal logo on an email but the message appears to have come from an odd website rather than paypal.com.
Other warning signs include any email that demands you respond urgently, asks for your social security number or banking information, or includes suspicious attachments.
“Don’t click on email attachments unless you are sure of its origins, and don’t click on emailed links unless you know where the link is going,” Shinghal said.
If you see a link in an email, don’t click on it: It’s hard to determine where that emailed link will really take you. In the case of phishing, what you think is a legitimate URL could lead you to a fake website designed to steal your username and password.
Be careful what you post
In this social media age, we’re all a little more willing to post things like our hometown, pet names and birthday. If you’re also using some of those personal details as password reset questions, then you could be inadvertently handing your virtual keys over to an attacker. Be vigilant about what you share online and with whom.
Choose unique passwords
Good online security starts with a secure password. One fundamental thing you can do to keep yourself protected is to use unique passwords for all your accounts, especially those that include banking information. That way if someone gains access to one of your accounts, they won’t get into others as well.
You should also enable two-factor authentication where possible. With services such as PayPal, you’ll be texted a unique code when you log in, so even if an attacker gets your username and password, they still can’t access your account.
If you think your PayPal account might have been compromised
Contact us at email@example.com, and forward the email in question. Our team will do our very best to help and ensure that there is no compromise to the safety and security of your PayPal transactions.
 Statistics from the PayPal Fraud Tracking System (FTS) in August 2015