Over £44,000 lost to a PayPal scam that uses hacked Facebook accounts to lure victims
New alert from Action Fraud and the National Fraud Intelligence Bureau regarding PayPal scam.
These phishing emails contain bank logos and contact information to make them appear genuine. The emails typically state that the bank is 'implementing new authentication procedures' and request that the recipient complete an 'account verification process'.
To do this the recipient is usually asked to click on a link in the email. The link will then direct them to a copy of the bank's website. Any personal or financial information that is then divulged is stolen and could be used to access bank accounts or for identity theft. Clicking on an unusual link or downloading a suspicious email attachment may also leave a computer vulnerable to viruses/malware.
Features to look out for that could indicate the email is a scam
- If it's unusual or unexpected, (e.g. if it is a bank you have not got an account with)
- If it's addressed to 'Dear Customer', not to you directly
- If it has been sent from a public email domain, for example @hotmail.co.uk
- If it's poorly written or there are misspelt words
- If hovering your mouse over the link in the email reveals a suspicious web address
- If the email creates a sense of urgency, for example suggesting that if you don't act immediately, you will be locked out of your account
- If it contains any suspicious attachments
- If your email provider has already placed it in your junk folder
Remember, criminals don't only send bogus bank emails. You may also receive scam emails that falsely purport to come from a company you have purchased goods or services from or a Government or council department.
What you can do
- Never download an attachment or click on a link in a suspicious email. Even if you believe the email to be genuine, it's always safer to log into a bank, company, or Government account by typing the correct web address into your browser or by using the official app
- Never respond to a suspicious email, doing so may encourage scammers to send you more phishing emails
- Mark the email as junk, so that it goes directly into your junk folder if it is sent again
- Forward the email to the National Cyber Security Centre: report@phishing.gov.uk The NCSC has the power to investigate and take down scam email addresses and websites
- If you think you have accidentally compromised your passwords or usernames, change these as soon as possible and alert the bank/company/organisation
- For more advice on cyber security, visit: https://safeinwarwickshire.com/cybercrime/
Also be wary of any unusual bank text messages. Scammers use 'number spoofing' to make their bogus texts appear genuine. These texts may even appear within the feed on your phone amongst genuine messages. They may suggest there has been an unauthorised transaction on your account and request you click on a link in the text to resolve the issue. This link may be masked as a 'yes' or 'no' response. Again, follow the advice above.
