Sophos warns of PayPal phone phishing scam

By

Attacks evolving as users learn not to click links.

Sophos warns of PayPal phone phishing scam
Sophos has warned of a new phishing email that tries to trick PayPal users into calling a phone number and revealing their credit card details. 

The email purports to come from PayPal, and claims that the recipient's account has been the subject of fraudulent activity.

Unlike normal phishing emails, the message contains no internet link or response address. Instead, the recipient is urged to call a US phone number and verify their details.

When the number is dialled, users are greeted by an automated voice saying: 'Welcome to account verification. Please type your 16-digit card number.' 

"Although it's an American telephone number, the fact that PayPal is used globally means that anyone could be tricked into making the call," said Graham Cluley, senior technology consultant at Sophos.

Cluley said that the scam highlights a problem for online companies in how they communicate with their customers.

Many users are learning not to click on links in unsolicited emails. But an email that includes a phone number may not arouse suspicion.

"How many would know whether a phone number for a website is genuine or not? " said Cluley.

"As hackers get smarter, we are likely to see an increase in cases where they harvest messages from corporate switchboard systems to sound even more like the legitimate company."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
ofpaypalphishingphonescamsecuritysophoswarns

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?