PayPal Phishing Scam Resurfaces

Cybercriminals are attempting to steal personal information from PayPal users once again, Hoax Slayer warns. This time the email is encouraging users to cancel a payment if they believe it was made by mistake.

The email is a convincing fake: it looks very much like a genuine PayPal payment message, with the company’s logo, official links and copied formatting.

It seems the cybercriminals responsible for the scam are banking on a few panicked users clicking on the ‘cancel payment’ link, worried that a payment has been taken from their PayPal account without their authorisation.

The link leads to a fraudulent website where users are encouraged to enter their PayPal login email and password. After that, a web form appears asking users for personal and financial data. The criminals use this information to hijack and compromise PayPal accounts, steal identities or commit credit card fraud.

The seller or merchant in the emails may vary; some criminals use the image of a well-recognised company as the receiver of the funds, while others use names of individual PayPal sellers.

If such an email appears in your inbox, you should forward it to PayPal for analysis. PayPal emails always address users by their first and last names or business name, and the company will never use a generic greeting such as “Dear customer.” The safest way to log in to your PayPal account is to enter the account address directly into the browser rather than clicking on the link in the email, Hoax Slayer notes.
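The two indicators above (a generic greeting, and a link that leaves PayPal's domain even though the message also carries official links) can be checked mechanically when triaging reported mail. The following is an added example, not code from the article or from Hoax Slayer; the trusted domain `paypal.com`, the https requirement, the greeting pattern and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "paypal.com"  # assumption: the brand's registrable domain
GENERIC_GREETING = re.compile(r"\bdear\s+(valued\s+)?(customer|user|member|client)\b", re.I)

class LinkCollector(HTMLParser):
    """Collect [href, visible text] pairs and the plain text of an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self.links.append([self._href, ""])
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self.links[-1][1] += data

def is_trusted(url):
    """True only for https URLs whose host is paypal.com or a subdomain of it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme == "https" and (host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN))

def triage(html_body):
    """Return a list of findings for one HTML message body."""
    p = LinkCollector()
    p.feed(html_body)
    findings = []
    if GENERIC_GREETING.search(" ".join(p.text)):
        findings.append("generic greeting")
    for href, label in p.links:
        if not is_trusted(href):
            findings.append(f"untrusted link: {label.strip()!r} -> {href}")
    return findings

# Constructed sample: one genuine link plus an off-domain 'cancel' link.
SAMPLE = """<p>Dear customer,</p><p>You sent a payment of $89.00.</p>
<a href="https://www.paypal.com/help">Help</a>
<a href="http://paypal.com.cancel-payment.example/login">Cancel payment</a>"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

The host comparison matches on the end of the hostname, so a lookalike such as `paypal.com.cancel-payment.example` is flagged even though it begins with the brand's domain.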