Phishing scams that use fake login pages to steal account usernames and passwords are nothing new. The trick for hackers is to fool customers into thinking that they’re following a legit link from a real company, and a new phishing scam is particularly good at that.
A raft of fake PayPal support accounts have popped up on Twitter. The accounts monitor for individuals who tweet support requests to @PayPal, and then reply to those messages with a link to a real-looking login page. Unless you look real close, anyone could fall for it.
DON’T MISS: Google Maps has a cool new Pokemon Go trick
The clever part about this attack is that it targets people who have already contacted PayPal customer service. If you’re already expecting a reply from PayPal customer service, you probably won’t look too closely at the Twitter handle, or think twice about following an official-seeming link and inputting your information.
According to ProofPoint, the security firm that identified the flaw, PayPal and Twitter are already working to eliminate the problem. But with Twitter accounts being free and quick to create, this might be a tough nut to crack. For now, remember to always be suspicious about clicking a link that asks you to input your password, and always look for a secured HTTPS connection before signing into anything related to online banking.