Yes, I made this transaction. Thanks for using my real name, PayPal!
Black Friday panic
Now that it’s that time of year again, with people in a clicking frenzy as they nab the ‘best’ Black Friday deals and overspend on Christmas cheer, hackers are rife. So whilst you’re in a late night panic that your Mekamon robot or M&S hamper won’t arrive in time for Christmas, remember that someone out there is probably preparing to hack you.
First things first, if the e-mail didn’t address you by name, then it’s a fake. Dear customer, dear client, dear [insert e-mail address]. All fakes.
The latest spoof was a “we couldn’t verify your recent transaction” mail. Clicking the link in the e-mail then takes you to a phished version of the PayPal resolution center. Sure, there’s the PayPal logo, that familiar, trusted design of the interface. But here you’re asked to enter your PayPal credentials, address, phone number, DOB, payment card information…
Surely PayPal would have all this information stored on your account already? They’re asking for your mother’s maiden name too, not encrypted either? Alarm bells. To make matters worse, there’s a glaring side bar listing all the things that a user can’t do whilst their account is inactive. Cue wearied online shoppers entering everything but their dental records…
The spoofed site itself looks relatively legit, but of course, the clue’s in the URL. It’ll be something that’s definitely not PayPal.
It can be hard to remember where and what you’ve bought online, but be aware. Human errors are the flaw in most cyber security operations. Don’t just click links in e-mails – go to the site yourself and log in the normal way. If there were any problems or errors then they would be flagged up as soon as you logged in.