In an article in Forbes, Davey Winder highlights the persistent cyberattacks targeting PayPal users. While these attacks still use tried-and-true tactics for phishing, they also have evolved beyond traditional phishing methods. And they are succeeding. Now they are employing sophisticated techniques that do not necessarily rely on deceptive emails or messages.
One notable method involves credential stuffing attacks. This is when cybercriminals use automated tools to attempt logins on accounts, including PayPal, using credentials obtained from previous data breaches. This tactic exploits the common practice of password reuse across multiple platforms. Once unauthorized access is gained, attackers can initiate unauthorized transactions, potentially leading to significant financial losses for the victims.
Another method is to send user notices that there is a problem with their account. With these, the attackers impersonate PayPal communications to use fear against victims. The intent is that the user will provide information to the attackers so they can take over the account.
The payment request does come from PayPal, so the email may seem legitimate. Even hovering over the Pay Now link will show paypal.com as the true domain. The scammer is sending payment requests from PayPal, so the only way to see it's a scam is by inspecting the payment request itself. Do you know this person? Do you recognize the company or transaction? A quick Google search will give you much more information.
The last one noted are order confirmation scams. In this case, the attacker wants the victim to believe a purchase with the account has been made in a large sum of money. Again, the intent is to steal credentials and take over the account.
It’s also advised to use unique, strong passwords for each online account, not to use passwords across different services, and stay informed about the latest cybersecurity threats.
If you have trouble thinking of hard to guess or crack passwords, try creating a base password of six characters that is a mix of upper- and lower-case letters, numbers, and special characters. Add a few letters from the URL of the website you’re logging into onto the base password. That way, it’s very unlikely you’ll have two passwords that are the same.
In response to these threats, PayPal has implemented several security measures, including multi-factor authentication (MFA) and advanced monitoring systems to detect unusual account activity. The company advises users to enable MFA, as do security experts, regularly update passwords, and remain vigilant spotting suspicious account activity.
SUBSCRIBE TO WEEKLY NEWSLETTER
