Share

Related Links

  • Skype
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Top 5 Stories

News

Skype PayPal phishing campaign under way

18 November 2011

Skype users are being warned about a phishing campaign designed to harvest their PayPal account credentials.

According to the Hoax Slayer newswire, a forged email lands in a Skype user’s mailbox advising them that a top-up payment of £69.99 has been made via PayPal and – of course – offering them a fake PayPal site URL to check their account details with.

Since most users of the popular Internet telephony and instant messaging service use PayPal, Infosecurity notes, the chances of users being alarmed and 'clicking through’ on the URL are relatively high.

The newswire reports that the message is not a genuine PayPal transaction notification. It is a phishing scam designed to trick recipients into visiting a fake web site and divulging their login and financial details to Internet criminals.

Brett Christensen of the newswire notes that the message is a phishing scam designed to trick people into handing over their personal and financial details to scammers.

“The recipient has not been charged 69.99 GBP for a Skype TopUp as claimed in the scam message. In fact, the supposed charge is simply the bait used to trick people into clicking the 'refund’ link”, he says.

“The scammers bank on the fact that at least some recipients, panicked into believing that an unauthorized transaction has been made on their PayPal account, will follow the refund link in the mistaken believe that they can dispute the transaction and get their money back”, he adds

Christensen goes on to say that those internet users who do follow the link will first be taken to a fake web page designed to closely resemble the genuine PayPal website and asked to login with their PayPal username and password.

Once they have logged on to the fake site, they will then be presented with the following 'Refund Request – Identity Verification’ form which asks them to provide their credit card number and a large amount of personal information.

Commenting on the phishing campaign, the Softpedia newswire says that card numbers, bank account data, passwords, emails, driver license numbers and even names will never be requested from users in a legitimate email sent by PayPal.

“Always be on the lookout for shady sender addresses, links that point elsewhere but the genuine website, attachments, and most importantly, the false sense of urgency that's created in these scams”, notes the wire.

This article is featured in:
Application Security  •  Identity and Access Management  •  Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×