A major UK-wide warning has been issued about an online scam involving fraudsters posing as payment website PayPal.
The alarm was sounded by Trading Standards officers in Cumbria who received more than a thousand reports about the scam in less than a day. It then transpired that similar reports were being made across the UK.
The scam involves fake PayPal emails being sent out, claiming that the recipient’s account has been ‘limited’ due to a policy violation. Within the scam email is a link which the recipient is asked to click on to resolve the issue. In reality it takes them to a fake but genuine-looking ‘PayPal’ website which is designed to steal their PayPal login details along with various personal and financial information – a process known as ‘phishing’.
If you receive such an email you should report it to the Suspicious Email Reporting Service (SERS) by forwarding the email to ‘report@phishing.gov.uk’. Do not click on any links within the email, attempt to reply to it or download or open any attachments.
‘Phishing’ is an illegal attempt to ‘fish’ for your private, sensitive data. It works by using false pretences to trick you into revealing personal or financial information such as bank account details, credit card details, passwords and so on. No genuine email from PayPal or any other legitimate company will ask you to disclose such information.
The most common phishing scams often involve sending emails or texts that fraudulently claim to be from a well-known business such as PayPal or high street banks and building societies. These usually link to fake websites where your information can be harvested if you type it.
Here are some tips from PayPal on how to spot scam emails:
- The Senders Address: The ‘From’ line may include an official-looking address that mimics a genuine one.
- Generic Greetings: Be wary of impersonal greetings like “Dear User”, or your email address. A legitimate PayPal email will always greet you by your first and last name.
- Typos/Poor Grammar: Emails sent by legitimate companies are almost always free of misspellings and grammatical errors. Many ‘phishing’ scams originate abroad and the use of English might be suspiciously poor.
- False Sense of Urgency: Many scam emails tell you that your account will be in jeopardy if something critical is not acted on immediately.
- Fake Links: Check where a link is going before you click on it by hovering over the URL in an email, and comparing it to the URL in the browser. If it looks suspicious, don’t click it.
- Attachments: A real email from PayPal will never include attachments. You should never open an attachment unless you are 100% sure it’s legitimate, because they can contain spyware or viruses.
- Tracking number: The email/SMS asks you to provide the tracking number of a dispatched item, before you’ve received a payment into your PayPal account.
- Clicking on links: Never click on a link in an email that requests personal information. Any time you receive an email about your PayPal account, open a new browser, type in www.paypal.co.uk, and login to your account directly.
As a general rule, never click on a link in an email that requests personal information. Any time you receive an email about your PayPal account, open a new browser, type in www.paypal.co.uk, and login to your account directly.
• For more information about staying safe when using PayPal, click here.