Security Experts Warn that New PayPal Scam Emails Target Innocent Users
Softpedia.com published news on 20th November, 2014 quoting a warning from security experts: "cybercriminals have started a fake campaign to harvest a global online payment giant PayPal credentials and are delivering fake emails to users." The email is titled "Receipt for your payment to Apple Store Australia", and its body contains a false invoice purportedly issued by Apple for the purchase of a product for AUD 158/EUR 108/USD 136.
A link towards the end of the digital invoice offers to dispute the transaction and stop the delivery of payment to Apple. However, the email is not from PayPal, the listed transaction is false, and the message is a phishing scam. The criminals expect that several people who receive the email will assume that their PayPal account has been compromised and will immediately click the 'dispute transaction' link.
Clicking the link opens a fake PayPal website, which prompts you to log in with your PayPal email address and password. Once you have 'logged in', you are directed to another counterfeit page that asks for details about your identity and credit card. The page claims that the payment can be cancelled by entering this information, which supposedly authenticates your identity.
When you submit the information and click the 'Cancel Payment' button, you finally get a message saying that "the transaction has been successfully cancelled". In the meantime, the criminals responsible for the scam can take over your PayPal account and use the information about your identity and credit card to carry out fraudulent transactions in your name.
Your email address and password are sufficient to log in to your account unless two-factor authentication (2FA) is enabled. However, the cybercriminals are aware that some users may have defended against this fraud; the additional information they request can be used to evade the security checks PayPal has put in place to prevent unauthorized logins, which gives the cybercriminals unhindered access to the account. Security experts highlight that users can identify an email as a scam if it does not address them by name, because PayPal always addresses its customers by their registered first and last name in its notifications.