Complaining about PayPal might get you hacked as clever new phishing scam is unearthed


PayPal users are being warned to think twice about complaining on Twitter following reports that cyber criminals are using social media to trick unsuspecting customers into handing over their bank account details.

According to a new report by cyber security firm Proofpoint, PayPal customers are being targeted by fraudulent Twitter accounts which pose as customer support for the online payment service.

The criminals controlling the spoof accounts monitor social media then make contact with disgruntled customers offering to help. However, they then direct the customer to malicious links that ask them into input the login credentials and other sensitive account information.

Proofpoint has said it found at least two Twitter accounts which appeared to fool scores of customers.

Both the accounts have now been suspended by Twitter.

The accounts are able to fool so many users because they look very similar to an official PayPal Twitter account.

Cyber criminals replicate every last detail so to many users, the fraudulent site looks legitimate.

PayPal phishing scam

Image: Proofpoint

PayPal phishing scam

Image: Proofpoint

“In each of these attempts, the customer is reaching out to the official PayPal Twitter account for support,” Proofpoint said in its report.

“Since they are mentioning the official PayPal Twitter account through their proper handle, @PayPal, these tweets will show up on the official PayPal Twitter page. From there, the fraudulent PayPal Twitter accounts can monitor for opportunities to target customers that are expecting a response.

“In both of these cases, the fraudulent but realistic Twitter handle, landing page, and login screen create a convincing lure that can entice users to enter their PayPal credentials into the fraudulent page, providing scammers direct access to their accounts and any funds in them.”

Proofpoint added that this type of scam, known as “angler phishing” is increasingly used by cyber criminals, who hook in their victims from social media.

The scam is proving successful for the criminals as the victims unwittingly think they are contact official PayPal accounts, but instead are directed to malicious pages.

Proofpoint confirmed that Twitter and PayPal are aware of the scam and is working to resolve it.

For the record, PayPal’s official Twitter account is @AskPayPal.

If you are contacted by any account on Twitter that you think may be suspicious you should report it to Twitter immediately.


Comments are closed.