Emails asking you to verify your PayPal account are phishing scams
This may not provide much shock value to some of you but did you know that email messages asking you to verify your PayPal account are scams? It’s true and the fraudulent email messages are everywhere.
A current PayPal scam making the rounds sends a notification message from PayPal that asks you to verify your PayPal account because they apparently don’t recognize the device or location from which you logged recently and would like to confirm your identity. The message claims that they need to ensure that “this” account belongs to you.
Here’s a transcript of the email message:
Subject: Notification No 49539022
Verify your account
your safety is our priority
As we have not recognized the device or location from which you logged recently, we would like to confirm your identity. We need to ensure that this account belongs to you.
©1999-2019 PayPal, Inc. All rights reserved.
The email message contains a button that says ‘verify’ on it and if you click the button you will be taken to an insecure HTTP website with a PayPal logo that asks you to enter the code in the image. This webpage is not encrypted and contains a tracking cookie called PHPSESSID that is set to send for any kind of connection to the site.
Once you submit the correct code shown in the image you will be redirected to a new insecure webpage that looks just like a real PayPal login page. The page asks you for your email address and password, then requires you to press the Log in button to basically make it appear as if you signed into your PayPal account. However, that’s not what happened.
The fake PayPal login page is designed to look real and it asks you to log into your PayPal account. This is because the page was designed to deceive PayPal users in order to phish information to access their accounts.
If you fell for the scam and entered your password, make sure to change your password right away. Contact PayPal for more ways to ensure your account is protected.
When creating a new password make sure that the password is secure. Here are some valuable practices to consider when creating a more secure password:
- Use unique passwords wherever possible. Don’t reuse passwords for multiple accounts.
- Use passwords with numbers, letters, and special characters such as !@$#.
- Use two-factor authentication to add an extra layer of security along with your password.
- Use a reputable password manager if you have trouble remembering multiple passwords.