Watch out for Fake PayPal SMS Messages That Are Used by Schemers!

It seems that only yesterday we talked about the “New Login From Unknown Device” scam designed to trick unsuspecting PayPal users into giving away their sensitive information. This scam centered around emails that were devised to lure personal information from you. Of course, cybercrooks are not going to pull back from their relentless attacks. And so, we have yet another dangerous campaign to talk about. This time, it is an SMS scam for PayPal users. The scam was reported by PayPal users, and we’re going to make use of this opportunity to delve deeper into the subject.

How does the PayPal SMS scam work?

The name itself is quite self-explanatory, right? It basically means that this scam relies on fake PayPal SMS messages to trick users into giving away their personal information. We might not be using text messages for communication as often as before, but businesses still employ them increasingly often for basic customer service communication. After all, no matter what kind of phone or reception coverage you have, the chances are that text messages would reach you anyway. So, it is not that surprising to receive sales offers, notifications about take-out orders, and even one-time passwords via SMS.

This kind of environment makes the SMS scam quite believable. Also, here, we have a number acquisition problem. How did the cybercriminals get your phone number? It’s very likely that some of your personal information got stolen from one of the many accounts that you have on multiple services, and the information was sold on the darknet for a price. Of course, it would be ideal if you could change your phone number, but that is highly cumbersome. Instead, you should report the number that you see at the top of the fake PayPal SMS message.

You must have noticed by now that when you receive text messages from various services, there usually is no number at the top where the sender is indicated. You mainly see the name of the sender, like PayPal, Google, British Airways, what have you. Scammers, on the other hand, often do not go that far, and you still see a phone number at the top instead of a name. And THAT is the first red flag which indicates that there’s something utterly wrong about the text you received.

Next, the fake PayPal SMS message claims that there are some problems either with your PayPal account or with your payment. It then tells you to visit a hyperlink that is pasted in the message so that you could fix that problem.

Please note that reputable services would selfdom send a text message with a complicated hyperlink. Normally, you get a text with either a domain name (like cyclonis.com) or a message that encourages you to check out the service through their app or main website. In fact, it’s always a good idea to access the service directly through your browser instead of clicking links in the texts you receive. After all, as we have mentioned above, the main objective of this SMS scam is to steal your personal information. And if you click the hyperlink in the text, that’s exactly what those crooks will do.

How does that happen? Well, if you click that link, you will be automatically redirected to a website that looks exactly like the PayPal login page. The moment you “log in,” the criminals obtain your email address and password, and then you get redirected to yet another bogus page where they ask you to enter your personal information to “verify” your account. This way, the criminals can lure out such information as your name, address, date of birth, credit card numbers, and other personal data. All the while, it will look like you’re renewing your details on a legitimate PayPal website. Scary, isn’t it?

How can I avoid the SMS scam?

We have already mentioned the basics of avoiding SMS scams: do not click the links you receive via text messages. This is especially relevant when the message in question comes with a very urgent tone. If you must check whether you really have some problem with your PayPal account, you can always access it via your phone app or through web browser. Just do not be so hasty as to tap the link in the text.

Next, one of the best ways to avoid SMS scams is to boost your PayPal account security. Have you ever checked what kind of notifications PayPal can send to your phone in the first place? If you log in to your account and tap the settings icon (that’s the cogwheel at the top right), you will reach the notifications section. There, you can see that there are five types of notifications related to payments that you can receive from PayPal. You can get notified via text when you make a payment, start a payment but don’t complete it, have a problem with payment, request a payment, and receive a payment. You can also toggle the settings in a way that you will only receive email notifications and no texts.

So, if you know what kind of texts you can receive from PayPal, you will be less susceptible to SMS scams. But that’s not everything. Let’s not forget that your PayPal account has a lot of sensitive information (including your phone number), so you should definitely make sure that it is protected.

When was the last time you updated your PayPal password? Maybe you’re tired of renewing your passwords all the time, and you clearly know that using your dog’s name for that is not the safest option. How about using a password manager tool to generate new strong passwords and keep them safe under a strong encryption?

While you’re at it, you should also consider setting up 2-step verification on your PayPal account. Sure, a strong password is a good idea, but several layers of security are even a better option. If you’re still in the settings menu, click Security (that’s on the left from Notifications), and click Set Up next to 2-step verification. There, you can choose to get a one-time code through a text message each time you try to access your account. If you take these safety measures and be careful about the worrying texts you receive from unknown parties, you should be able to avoid dangerous scams and protect your personal information.

By Foley
April 20, 2020
April 20, 2020

Leave a Reply