Recent phishing scams targeted both Gmail and Yahoo, and now attackers have their sights set on PayPal with some very convincing bait. With fake websites and email campaigns that look real, it’s easy to be fooled, and potentially have your identity and money stolen by scammers.
How to protect yourself
First, do not click links or open attachments in unsolicited email—if email supposedly from e.g., PayPal, says you have a problem, open a new browser tab or window and log directly onto PayPal by typing in the web address.
Second, if you get such an alert while you are browsing, verify that the URL in the address bar looks as you would expect—if the alert appears to come from PayPal, be very suspicious if the address bar doesn’t start out www․paypal․com or www․paypal․com. Instead, go directly to the website by typing in its address.
Third, since phishing becomes more of a problem when the same password is utilized across multiple sites and services, consider deploying two-factor authentication (2FA). By requiring a one-time password generated by a user’s smartphone as a second form of authentication, 2FA helps block unauthorized access.