If you are an online seller, to set up the payment funnel, you might be using a Paypal account in order to receive and send money. If you have logged into certain legitimate online websites to earn money, you can see that the payment withdrawal option is PayPal.
As per the Statista [The Statistics Portal], there were 244 million accounts active worldwide. As more sellers and service providers are coming to online business, more people create a PayPal account which represents a 15% increase for every year.
Since a tremendous amount of sellers, service providers and buyers login to PayPal account every day, cybercriminals smell it and they never miss a chance to chase users for Paypal Phishing attack.
Let's see what is PayPal in brief words. Then, we'll discuss a lot about what is PayPal Phishing and how can you protect yourself from PayPal Phishing attack.
You might also like to read: How To Protect Yourself from Identity Theft Online
What is PayPal
PayPal Holdings, Inc. is an American company which is operating throughout the world for supporting online money transfer. It has been widely used to send and receive payment for Buy and Sell process. It is considered as an alternative to wireless transfer, cheque and money order.
PayPal plays an important role for online sellers, retailers, and buyers. PayPal deducts a small percent of the fee for currency conversion but you know there is no fee to be paid by the consumers to purchase goods and services.
To register for a PayPal account, an Email address is required. Eg. Gmail ID. This email will be used to send and receive money.
What is PayPal Phishing
The term Phishing comes from the word "fishing". Catching or hunting fish through a specific tool that has a hook is called fishing.
Similarly, suspicious email shoots out to your email inbox to catch your private and sensitive data is called as Phishing.
A phishing email looks exactly like an email sent by a reputed company.
Since we are discussing PayPal phishing, let me show you how a phishing email looks similar to a real PayPal email.
Here are the PayPal Phishing examples:
From these two examples, it says that your PayPal account is limited, you have to solve the problem in 24 hours.
It certainly threats the PayPal user and tricks them to log in to their account through the email link.
Never ever believe these kinds of emails because these are fraudulent emails to hunt your sensitive data.
If you click on the link included the phishing email, you may be redirected to a fake PayPal login page.
The real PayPal page's URL is: https://www.paypal.com/
While a fake PayPal page's URL might be like this: http://www.paypall.com/ or http://www.pay-pal.com/
The interface of a fake PayPal page will look like a genuine PayPal page. If you blindly believe that as a genuine one, obviously, you may enter your PayPal email address and password to log in.
Note: After you clicked the login button, your PayPal email address and its associated password will be sent as an inbuilt email to the cybercriminals.
Again you may believe that you've successfully logged in to PayPal website.
Then you will be redirected to another fake page to get your personal information like identity, bank information, and credit/debit card information including CVV and more.
Look at this fake PayPal page that asks for sensitive information:
Cybercriminals need your sensitive data to steal your identity for getting a financial advantage.
Now we are going to discuss how can you protect yourself from PayPal Phishing attacks.
How To Protect Yourself From PayPal Phishing Attack: Tips
PayPal phishing attack is happening all over the world. Each and every single day, tons of PayPal users fall prey to cyber attackers.
To protect yourself, you need to be aware of it and follow the tips I have explained below:
- Make sure your password is very strong. It should be neither "weak" nor "medium". It must be "strong" enough.
- Never have an idea to enter your sensitive data like bank information and other financial related information in response to the phishing emails.
- To be more clear, always enter the full address of the PayPal website in the browser's address bar.
The genuine PayPal website should start with HTTPS. It shouldn't be just HTTP. In addition to this, check for the padlock symbol in the browser's address bar.
- Do not use your PayPal email address for sales and customer service. Set up a different email for your business. This is a very good step to mask your PayPal email address.
- Check whether the received PayPal greets you with your First and Last name.
- Check for spelling and grammar in the suspicious email.
- Most of the PayPal phishing emails will threaten you to update sensitive information.
- Check for any software attached to the phishing email. Here, cybercriminals play another trick. They want you to either click the included link or download attached software. The attached software might be a virus or malware. Again, all they need is Your Identity to rob your money.
- Do not rely on the links given in the email as a shortcut to enter PayPal website.
- Cybercriminals would love to tempt the users of PayPal by sending a fake email that has amazing offers. Please note that the official PayPal website never sends offers to their customers to their email or phone number.
- If you're not sure whether the received PayPal email is from a genuine PayPal website or fake, close the email and login to official PayPal website from a web browser. Then you will come to know whether your account requires security information for protection.
PayPal offers additional layers of security features to verify the authentication of login. They are:
1. Setting up security questions,
2. Setting up the PIN for a mobile number.
Let's see how these features could actually secure your PayPal account.
1. Setup Security Questions
If you've logged into official PayPal website, go to Settings (or click the Gear symbol ) > Security > Security questions.
Here, you need to set two questions and its answers. Therefore, when you log in to the official PayPal website to change your current password, you will be asked to answer the security questions.
2. Setup PIN For Your Mobile Number
While you're traveling or busy at work, you may check your PayPal account through PayPal app. If you setup PIN for your mobile number, you need to enter the PIN for every transaction.
To set PIN from the web version, go to Settings > Security > Mobile number and PIN.
You can also set PIN directly from PayPal app. You could activate multiple mobile devices for payments.
You might also like to read: How To Protect Yourself From Massive Ransomware Cyber-attack
To Sum Up
I believe that the tips given in this post have given clarity in your mind about PayPal phishing. The first thing you should have to avoid these kinds of phishing attacks is awareness. Share this awareness with your friends and family.
Thank you for reading this post!