
New PayPal Bill Me Later Phishing - November 12, 2012

Most businesses have a PayPal account set up that we use to purchase items online. One of the new services that many have signed up for but are not really familiar with is the new Bill Me Later service offered through PayPal. If you are not familiar with this service you can find more information here: https://www.paypal.com/us/webapps/mpp/billmelater-productoverview

Ultimately, the service is something a vendor can offer so you can buy items, services, or products for a period of time without payments or interest. It is becoming very popular, and since it is presented when you check out, it is an easy service to opt in to, and most of us never read the Terms of Service when we do that. So we now have the perfect elements for a Phishing attack. Unfamiliar with Phishing? Wikipedia (http://en.wikipedia.org/wiki/Phishing) defines it as:

“Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.”

Basically, this is whenever you receive an email that looks to be from a legitimate vendor and says something is wrong with your account, a charge has been made, or carries some other message meant to draw an emotional response, in an effort to have you click on a link that will then attempt to gather your personal information. We have all gotten them, and the worst thing you can do is to click on any of the links in that email. So what can you do? The steps below can be used for ALL Phishing scams but are written for this particular scam.

  • First, NEVER click ANY of the links in an email like this. These emails will come when you are sure you did not make a purchase and will attempt to use emotion to have you start the process of giving your information away. They will look legitimate, but we can defuse them in a few easy steps.
  • Open a browser (Internet Explorer, Firefox, Chrome, etc.), log in to the account referenced in your email, and see if any transactions are pending. In this instance it was my PayPal account, so I logged in and could see that nothing had been presented or purchased from my account.
  • You can also simply “mouseover” any links in the email WITHOUT CLICKING and see where they are sending you. As you can see in the screenshot below, the link said it was going to PayPal but actually was linking me to another site not affiliated with PayPal at all.

PayPal Bill Me Later Phishing Scam

  • You can also call customer service and talk to a representative and explain the email. They have most likely seen it before or can help walk you through additional steps not covered here.
  • Other indicators that this is a Phishing email include my name being presented Last Name then First Name.

At first glance this would look legitimate, but common sense and the few measures taken above can ensure you are not a victim of this Phishing scam.

Now for the bad part: what do you do if you did not follow the steps above and clicked on one of the links?

  • If you entered in any personal information such as a username or password, then you need to change them IMMEDIATELY!
  • If you were asked to download any software, and even if you were not, you need to run a Virus and Malware check as well. If you are not sure what those are, you should contact your IT Department, IT Manager, or whoever you use to fix your computers and tell them what happened.

Sadly, these emails will not go away, and as new services become popular, people will become targets of emails like this. There will ALWAYS be warning signs to take into account that you can use to help protect you, so never fear. In this instance, I knew I did not have a Bill Me Later account tied to this email at all, but I still double-checked through my PayPal account and found out that nothing was charged. You can always report phishing emails like this to spoof@paypal.com as well.

Remember to always use common sense and take a few minutes to read about the accounts you sign up for. Empower yourself and don’t allow yourself to become a victim of Phishing or other email scams.