Expects have issued a warning about a new phishing scam that could lead to people having their personal and business bank accounts emptied.
The most recent scam targeting PayPal users, is a legitimate-looking email offering the chance to win a £500 Tesco gift card through your PayPal account. But once logged in, scammers have access to your bank account and any cards linked to your PayPal account.
Secure payment provider, Dojo is urging people, especially small business owners to stay vigilant. It found that Google searches for “PayPal scam email 2022” have soared by a whopping 1800 per cent over the last 12 months.
READ MORE: Food supplies ‘under threat’ amid fears of carbon dioxide shortage
Chief Information Security Officer, Naveed Islam said: “Scammers are getting more creative with their deceit. With the rise in e-commerce accelerated by the global pandemic, seasoned fraudsters are seizing the opportunity to exploit the vulnerable and less-tech savvy.
“For the many people adopting technologies such as online banking and shopping for the first time during Covid-19, these frauds are incredibly convincing and traumatic.”
Another recent scam circulating includes fraudsters posing as Royal Mail and asking for a £1.99 payment to reschedule delivery. Once paid, the scammers gain access to the victim’s PayPal account. Post Office Parcel Delivery has also been a victim of scammers to get people to hand over personal information.
Dojo has offered five top tips for spotting a phishing email, urging potential victims to spot the signs.
-
Check the sender’s email address
Often scammers will use a suspicious email address that includes words that don’t relate to the company they impersonate or lots of numbers. -
Check for poor spelling and grammar, or mistakes to the company’s name
Although some fraudulent emails are highly sophisticated, many of them can be poorly worded and there are some tell-tale signs they’re not legitimate. -
Check the formatting of the email
A lot of companies send legitimate emails from a templated third-party system. Your favourite brands will often spend a lot of money making their emails branded and it can be difficult for scammers to replicate these email templates.
So if you see plain-text emails with no branding – or brand logos replicated in low resolution, look back at your inbox to see if this matches the company’s typical communication designs. -
Don’t rush to action their demands
Often scammers thrive from creating a sense of urgency and panic from the recipient. They will use scare tactics or threatening language to make you rush into doing something.
Whether it’s clicking a suspicious link or providing your personal data, you should take some time to review the email and research its legitimacy before taking any actions.
If you’ve already clicked the link, check the URL straight away and do not login anywhere as scammers can capture your details to take over your account. -
Never send sensitive data via emails, or online links from emails or SMS
If you do suspect you’ve been sent a phishing email, do not click on it and try not to open the email at all – especially if you’re using your work email. Scammers often leave malicious links within the email that once clicked allow them to enter your computer’s system.
If you accidentally click on one of these emails you should change your passwords immediately and check your bank accounts regularly to make sure no money has disappeared. If this happens you should alert your bank immediately and they will guide you on further action.
If you’re concerned about your work email account or laptop, you should contact your information security team straight away and flag your concerns. It’s always better to be cautious and vigilant when dealing with online security. -
Contact the company implicated
Whether you’re unsure, or you’re totally convinced that you’ve received a scam email pretending to be a company, reach out to that company to inform them and see further information. They will be able to let you know within an instant if the communication you received was legitimate.
And often large brands will have dedicated teams investigating frauds affecting their customer base and damaging their brand reputation, so they will undoubtedly appreciate any information you can provide that can stop these fraudulent activities going forward.
Mr Islam also added the following advice to people who have received similar tests or emails. He said: “Your bank, or any other business or organisation, will never ask you to share personal information over email or text. The best advice is to confirm if it’s genuine by contacting them directly using contact details from their legitimate website.
“If the email address from the sender doesn’t look like it’s from a genuine address, don’t click on it. If you think it is a scam, you can forward the email as an attachment to Action Fraud who will investigate. You should also report suspicious emails to report@phishing.gov.uk .
“Additionally, if you receive a suspicious SMS message, you should forward the message to 7726 so that the network provider can investigate the origin of the text and arrange to block or ban the sender, if it’s found to be malicious.”
READ NEXT: