Action Fraud is warning the public about phishing emails, sent out by criminals, claiming to be from PayPal.
The warning comes after Action Fraud received over 1,000 reports within 24 hours on 20 July 2020 about emails claiming to be from PayPal. The emails state the recipient’s account has been “limited” as a result of a policy violation.
The emails then ask for customers to update their account, or check the security of their account by clicking a link in the email. The links provided in the emails lead to genuine-looking websites that are actually phishing sites designed to steal PayPal login details, as well as personal and financial information.
Pauline Smith, Head of Action Fraud, said:
“Phishing is a gateway to fraud. These emails are commonly used by criminals to gain access to your personal and banking details, which they then use to steal your identity or your money.
“It is common for criminals to spoof the legitimate phone number or email address of a trusted organisation, to trick us into providing information. If you receive a message out of the blue that seems suspicious, take five minutes to check directly with the organisation or brand contacting you that the communication is genuine. If something feels wrong then always question it.”
A PayPal spokesperson said:
“At PayPal we go to great lengths to protect our customers in the UK, but there are still a few simple precautions we should all take to avoid falling victim to scams.
“Be aware of any emails or text messages that ask you to provide personal information directly in response. Scammers often use a false sense of urgency to prompt you to act on a phishing email. All communications from PayPal to account holders would be sent to the secure message centre within their PayPal account. You will have a secure message waiting if PayPal does need you to take any action.
“A genuine PayPal email will only ever address you by your full name – anything that starts differently should immediately raise your suspicions. Look out for spelling mistakes, which are a common tell-tale sign of a fraudulent message. If you have any concerns regarding an email you have received, you should send it to [email protected].”
What to look out for and what you should do if you receive a phishing message
- Official organisations, such as your bank, won’t ask for personal or financial information by text or email. If you receive an email you’re not quite sure about, you can report it by forwarding the email to the Suspicious Email Reporting Service at [email protected].
- Do not click on links or attachments in unexpected or suspicious texts or emails.
- Confirm messages are genuine by using a known number or email address to contact organisations directly. You might find these on organisation’s official website or from a letter you have received in the past.
- To keep yourself secure online, ensure you are using the latest software, apps and operating systems on your phones, tablets and laptops. Update these regularly or set your devices to automatically update so you don’t have to worry.
If you think you’ve been a victim of fraud, report it to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040.