A new PayPal phishing scam that is hard to spot is making the rounds, which emphasizes the importance of using an abundance of caution when you receive a message you are not expecting.

Phishing scams work by tricking people into clicking a link, opening an attachment or being redirected to a website. From there, the scammers might install harmful software on your computer, infect your entire network with a virus, steal your login credentials or use other similar tactics. Some phishing scams are much simpler, though, like the infamous Nigerian prince emails that trick people into sending money or paying a fee.

There are two different kinds of phishing scams. Some of them, like the ones that claim the sender needs help getting hundreds of millions of dollars out of the country, can be somewhat unrealistic and filled with grammar errors.

The other kind is more sophisticated. These messages might contain cut-and-paste corporate logos, copied wording from a real company communication and perhaps a copycat address that could fool savvy consumers. Those phishing attempts are trying to convince the recipient that there is something legitimately wrong with their account, their tax return or some other plausible situation.

A new phishing scam that pretends to be from PayPal is a good example. This message has a very friendly tone, correct spelling and grammar and even has the company’s image in the message. It informs the recipient that PayPal was unable to process their refund of a high-dollar amount and asks them to go to Member Support for assistance. As part of the PayPal phishing scam, the handy link is even provided in the message.

Since the recipient does not remember sending or refunding hundreds of dollars, they might click the link to find out what is going on. That is when the scammers redirect them to a different site, where the consumer will type their login credentials (while the scammers steal that information) and see that it was all a big mistake and nothing is wrong. It is also possible that clicking the link will instead install malicious software like a virus on the user’s computer.

In any event, the same advice as always applies: never click a link, open an attachment, download a file or follow through with any instructions in a message that you were not specifically expecting.

Instead, ignore the message. Simply contact the company yourself using a verified contact method that you looked up, not one that may have been provided in the message (it could lead you right back to the scammers). Once you go to your account or contact customer service, you will discover that everything is fine. On the off chance there really is a problem with your account, you will also be able to fix it right then.

The Identity Theft Resource Center is here to help if you believe you are a victim of the new PayPal phishing scam. Call one of our advisors toll-free at 888.400.5530. You can also live chat with an advisor. They will walk you through the next steps you need to take.
