The end of the financial year must be approaching, because we’re seeing more alerts from places purporting to be PayPal, but don’t be fooled, especially when you smell a scam.
Emails are beginning to stack up in the GadgetGuy press inbox faster than we can click delete. It’s probably happening to you as well, as scammers, con artists, and anyone interested in doing a dodgy prep fake emails to convince you that yes, you have money waiting in a PayPal account unclaimed.
We probably don’t have to tell you there’s no such thing as a free lunch, and no such thing as free money, so expecting PayPal to instantly reward you for being a customer is just nuts, but people still believe in these things, so as the emails start to pile up, it’s time to revisit a topic that never goes away: scam emails.
Also known as phishing emails, these start to build up around events where people will be heading online in greater numbers to get work or shopping done.
“Phishing campaigns can be organised around times of the year it would be appropriate to ask for money, like near a graduation day, or other similar events,” said Cameron Camp, Security Researcher at ESET, a security company with over 25 years of experience which previously released a security application named NOD32.
You may not be graduating, but in Australia, the end of financial year is approaching, and that means tax returns and the potential of money sent back from the tax department. For scammers and phishers, this is a possibility too hard to pass up, with the chance of snagging some gullible soul keen to get some of that non-existent free cash.
Most people will delete the fake PayPal emails on the spot, and many of us have filters to send these emails where they belong: the trash.
But some still click, and that’s where it gets interesting, as the link you’re clicking on is fake, and rather than taking you to the real PayPal website, you’re taken to a clone for you to put your details in, with a scammer on the other side ready to use your account against you.
“It is important not to fall for phishing scams by clicking on links purporting to be from PayPal, but log in directly to the PayPal website itself,” said Camp.
“Also, make sure you’re using the SSL (Secure Sockets Layer) version of the site. Namely, make sure that there is an https:// as opposed to just http:// before the domain name, and make sure the domain name contains PayPal.com, not just a close variation.”
That last point is a particularly important one, as scammers know that most people won’t check the links before they click on them, and if there’s a slight spelling error, chances are that it won’t be picked up.
For instance, you might go to Payepal.com or Paypal.cm, with a single extra or missing character sending you somewhere else entirely.
Worse, URLs can be easily faked, so even if it looks like the real PayPal, it’s possible you’re landing on a fake site.
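The two checks Camp describes (https:// and the real PayPal.com domain rather than a close variation) can be applied mechanically to a link before anyone opens it. The sketch below is an added example, not code from ESET, PayPal or this article; `check_link`, its result labels and the third sample host are constructed for illustration, and treating the last two labels of a host as the registered domain is an assumption.

```python
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # the domain named in the article


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str) -> str:
    """Classify a link as 'ok', 'not-https', 'lookalike' or 'other-site'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    # Exact match or a true subdomain; "contains paypal.com" is not enough.
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "ok" if parts.scheme == "https" else "not-https"
    # Assumption: the last two labels form the registered domain.
    registered = ".".join(host.split(".")[-2:])
    if edit_distance(registered, TRUSTED) <= 2 or "paypal" in host:
        return "lookalike"
    return "other-site"


# The first two lookalikes are the article's examples; the rest are constructed.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://www.paypal.com/signin",
    "https://Payepal.com/login",
    "https://Paypal.cm/",
    "https://paypal.com.account-check.example/login",
    "https://example.org/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{check_link(url):<11} {url}")
```

A mail filter or help-desk script could run this over every link in a message and quarantine anything that does not come back `ok`.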
Ultimately, if you think there’s any money in your account, type in the address for PayPal in your browser and log in the official way, settling it once and for all, because it’s possible that someone does want to give you free money, but it’s also possible — and likely — someone is trying to con you.