If you get a tweet from what appears to be an official PayPal support account on Twitter, take the time to double-check the source – because currently, there is a phishing scam doing the rounds using false accounts to try and trick users into giving up their logins.
Proofpoint uncovered this new so-called ‘angler’ phishing attack whereby fake tech support accounts monitor Twitter for messages reaching out to PayPal for help using ‘@PayPal’, and then step in pretending to be an official conduit of support.
They contact the user, employing the correct PayPal logo and so forth, and link across to an official-looking login screen where the actual phishing takes place, nabbing the user’s PayPal password should they enter it.
Playing on expectations
Because the user in question is expecting a response from PayPal support, they’re more likely to fall for this particular trick.
The fake accounts have names such as AskPayPal_Tech or AskPayPal, and go to some lengths to make their Twitter page look authentic.
Of course, the usual clues that something is amiss are present if you look closely enough, such as the typical spelling error or suspect grammar – and the fact that these accounts have been created in the last month or so, which is a bit of a giveaway.
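Two of the clues above, a brand name in a handle that is not the official one and a recently created account, can be checked automatically by a support or brand-protection team reviewing who replies to customers. The following Python code is an added example, not code from Proofpoint, PayPal or the original article; the allowlist (only the @PayPal handle named above), the 30-day threshold, the look-alike character map and the sample replies are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the allowlist holds only the @PayPal handle named in the article.
OFFICIAL_HANDLES = {"paypal"}
BRAND = "paypal"
MAX_AGE = timedelta(days=30)  # "created in the last month or so"
# Assumption: a small map of look-alike characters and separators to fold away.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "_": None, ".": None})


def normalize(handle):
    """Lower-case a handle, drop the leading @ and fold look-alike characters."""
    return handle.lstrip("@").lower().translate(LOOKALIKES)


def assess(handle, created_at, now):
    """Return the reasons a replying account looks like a fake support account."""
    if handle.lstrip("@").lower() in OFFICIAL_HANDLES:
        return []
    reasons = []
    if BRAND in normalize(handle):
        reasons.append("brand name in unofficial handle")
        # Account age only matters once the handle already imitates the brand.
        if now - created_at <= MAX_AGE:
            reasons.append("account created within the last 30 days")
    return reasons


def triage(replies, now):
    """Map each suspicious handle in a list of (handle, created_at) to its reasons."""
    flagged = {}
    for handle, created_at in replies:
        reasons = assess(handle, created_at, now)
        if reasons:
            flagged[handle] = reasons
    return flagged


# Constructed sample: accounts replying to a customer who tweeted at @PayPal.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
REPLIES = [
    ("@PayPal", NOW - timedelta(days=5000)),
    ("@AskPayPal_Tech", NOW - timedelta(days=12)),
    ("@AskPayPal", NOW - timedelta(days=20)),
    ("@Ask_PayPa1", NOW - timedelta(days=400)),
    ("@coffee_fan", NOW - timedelta(days=3)),
]

if __name__ == "__main__":
    for handle, reasons in triage(REPLIES, NOW).items():
        print(handle, "->", "; ".join(reasons))
```

An account flagged for both reasons matches the pattern described here most closely; an older look-alike handle is still worth a manual review.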
Both Twitter and PayPal are aware of the problem and are currently working to put a stop to the scam accounts. In the meantime, as ever, look before you leap, and be careful of clicking on any links thrown at you in tweets (you should always think before clicking a link of course, wherever you are online).