Scam of the Week - Smishing with PayPal
A new smishing (SMS phishing) attack uses an urgent text message to trick you into clicking a malicious link. The message states “PayPal: We've permanently limited your account, please click link below to verify.” If you click on the link provided, you are taken to a PayPal look-alike page and asked to log in.
Bad actors take this scam one step further. If you enter your login credentials on their phony page, you’ll be taken to a second page that asks for your name, address, and bank account details. Everything entered on these pages will be sent directly to the bad guys.
While this is an advanced attack, you can still stay safe by practicing the tips below:
- Check for poor grammar in supposedly official messages. Did you catch the grammatical error in the example above? It asks you to “click link below” instead of “click the link below”.
- Question the situation. For example, did you give PayPal your mobile number? And did you ever sign up to receive text notifications?
- Never trust a link in a text message that you were not expecting. If you think the notification could be legitimate, navigate to the official website and log in there.
Stop, Look, and Think. Don't be fooled.
The KnowBe4 Security Team