Smishing - PayPal Phishing: “Your Account is Limited”
What is SMISHING?
“Smishing is the fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.” It is a criminal’s way of using phishing and texting to gain personal data such as social security numbers and other private information.
How do you protect yourself against it?
First know who is sending a text message to you. If it is to good to be true then its not safe.
- Be aware of urgent security alerts, and you-must-act-now coupon redemptions these are warning signs that someone is SMISHING.
- A financial institution or merchant will not send a text message that asks to verify your account information, confirm an ATM pin number. If you get a text like this and you are unsure call your financial institution. It is not wise to reply, click on links or call the number in the text.
- Beware of suspicious phone numbers. Phone numbers that look off and are not a mobile number or strange area codes like 473 which is not a US area code. Phone numbers ending in “5000” these numbers are linked to a scammers email and not their phone.
- Never click a link or phone number in any message you unsure of.
- Do not store credit card or banking information on a smart phone.
- Do not respond or be tempted by these scammers.
There are layers of security:
- Device protection – set up for remote data “wiping” if the phone is lost or stolen.
- Data protection – stops the sensitive information from being transferred over different networks.
- App-management security – the apps have their own information programed in and have there own built in security to ensure information within the apps are safe.
Report all smishing attacks to the FCC to try and protect others and yourself in the future.
PayPal Phishing: “Your Account is Limited”
A PayPal smishing campaign is trying to trick users into handing over their credentials and personal information, BleepingComputer reports. The text messages state, “PayPal: We've permanently limited your account, please click link below to verify.” (Note, by the way, the poor command of English idiom. The message includes a comma splice and there’s some uncertainty about the use of articles.)
The link in the message leads to a phishing page that appears identical to PayPal’s login portal (although the URL is clearly different). If a user enters their credentials and clicks “Log In,” they’ll be taken to a second phishing page that asks them to enter their name, address, and bank account details. All of this information will be sent to the attacker.
BleepingComputer says users should be wary of any unsolicited text messages, especially if they contain a link. PayPal does limit accounts when it detects suspicious activity, but you can check the status of your account by going directly to paypal.com instead of clicking on a link in a text message.
“Smishing scams are becoming increasingly popular, so it is always important to treat any text messages containing links as suspicious,” BleepingComputer writes. “As with all phishing emails, never click on suspicious links, but instead go to the main site's domain to confirm if there is an issue with your account.
The publication also offers advice for people who may have fallen victim to this attack, urging them to be on the lookout for future social engineering attacks that incorporate their personal information.
“If you received this text and mistakenly logged into your PayPal account or provided other information, you should immediately go to Paypal.com and change your password,” BleepingComputer says. “If you use that same password at other sites, change them there as well. Finally, you should look out for other targeted phishing campaigns using the submitted data. BleepingComputer also suggests that you monitor your credit report to make sure fraudulent accounts are not created under your name.”
« Return to "Blog"