
Brutally efficient phishing scam takes advantage of PayPal’s awfulness

Published Sep 5th, 2016 5:20PM EDT


Phishing scams that use fake login pages to steal account usernames and passwords are nothing new. The trick for hackers is to fool customers into thinking that they’re following a legit link from a real company, and a new phishing scam is particularly good at that.

A raft of fake PayPal support accounts have popped up on Twitter. The accounts monitor for individuals who tweet support requests to @PayPal, and then reply to those messages with a link to a real-looking login page. Unless you look real close, anyone could fall for it.


The clever part about this attack is that it targets people who have already contacted PayPal customer service. If you’re already expecting a reply from PayPal customer service, you probably won’t look too closely at the Twitter handle, or think twice about following an official-seeming link and inputting your information.

According to Proofpoint, the security firm that identified the flaw, PayPal and Twitter are already working to eliminate the problem. But with Twitter accounts being free and quick to create, this might be a tough nut to crack. For now, remember to always be suspicious about clicking a link that asks you to input your password, and always look for a secured HTTPS connection before signing into anything related to online banking.
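The checks described above (look at the replying handle, look at where the link goes, look for HTTPS) can be written down as a small triage function. This is an added example, not code from the article or from Proofpoint; the allowlists, the sample handle and the sample URLs are constructed for illustration. It also shows that HTTPS alone does not clear a link that points off the brand's domain.

```python
from urllib.parse import urlsplit

# Assumption: illustrative allowlists; maintain them from the brand's own
# published support channels. "@PayPal" is the handle named in the article.
OFFICIAL_HANDLES = {"paypal"}
OFFICIAL_DOMAINS = {"paypal.com"}
BRAND = "paypal"

def _skeleton(s):
    """Fold characters commonly swapped in lookalike names (I/l/1, O/0)."""
    return s.lower().translate(str.maketrans("i1|0", "lllo")).replace("_", "")

def host_is_official(host):
    """True only for an allowlisted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def assess_reply(sender_handle, url):
    """Return the reasons a 'support' reply and its link should not be trusted."""
    reasons = []
    handle = sender_handle.lstrip("@").lower()
    if handle not in OFFICIAL_HANDLES:
        reasons.append("sender_not_official")
        # Brand name embedded in a different handle, after folding lookalikes.
        if _skeleton(BRAND) in _skeleton(handle):
            reasons.append("lookalike_handle")
    parts = urlsplit(url)
    if parts.scheme != "https":
        reasons.append("no_https")
    if not host_is_official(parts.hostname):
        reasons.append("link_off_domain")
        # e.g. the brand used as a subdomain label of an unrelated domain.
        if BRAND in (parts.hostname or "").lower():
            reasons.append("brand_in_foreign_host")
    return reasons

# Constructed samples (not real accounts or sites).
SAMPLES = [
    ("@PayPal", "https://www.paypal.com/signin"),
    ("@AskPayPaI_Help", "https://paypal.com.account-help.example/signin"),
    ("@PayPal", "http://www.paypal.com/"),
]

if __name__ == "__main__":
    for handle, url in SAMPLES:
        print(handle, url, assess_reply(handle, url) or "ok")
```

The second sample is served over HTTPS and still fails on both the handle and the link host, which is the case a padlock check by itself misses.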

Chris Mills News Editor

Chris Mills has been a news editor and writer for over 15 years, starting at Future Publishing, Gawker Media, and then BGR. He studied at McGill University in Quebec, Canada.