This time, the attackers targeted the PayPal payment service and sent users phishing SMS messages. They are trying to obtain sensitive data from them, which can be used in further attacks or identity theft, informs the BleepingComputer portal.
Phishing SMS claim that your PayPal account is blocked
Phishing SMS messages abuse the way PayPal protects its users. When a service detects suspicious activity in your account, it will automatically limit it and you will temporarily not be able to withdraw, send or receive money.
You will receive an SMS message from the attackers pretending to have been sent directly from PayPal. The body of the message indicates that your account has been temporarily suspended and can be unblocked at the link attached to the message.
“PayPal: We’ve restricted your account, click the link below to verify.”
Clicking on the attached link will take you to a page that will prompt you to log in to your PayPal account. If you do so, your credentials will be sent to the attackers.
To make matters worse, the site will then try to collect additional information from you, including your name, date of birth, address or bank details. This information is used by attackers to steal your identity, gain access to your other accounts, or perform other phishing attacks.
What to do if you have received a phishing SMS message
Be sure not to click on the attached link in the first place. As you can see in the image above, the link itself looks suspicious and PayPal does not have links in this form. However, if you’re not sure, you’d better go to the service’s official website manually and check your account from there. You should follow this rule for other SMS messages or emails.
If you have already filled in your details on the fraudulent site, you should immediately go to the official PayPal website and change your password. If you use the password on other sites as well, change it there as well.
What will 2021 be in terms of IT security? What to watch out for?