ONLINE payment platform PayPal hinted it still receives close to 15,000 phishing reports each day from around the world.
A growing number of fraudsters are trying to steal information, such as passwords and personal banking details, using a method known as phishing, in which they impersonate a business through e-mails and fake web sites, PayPal said in a statement on Thursday.
“Scammers can impersonate you online, steal money from your bank account, and use your online identity to perpetuate their scams on others,” Rahul Shinghal, general manager for PayPal Southeast Asia, was quoted in the statement as saying. According to Shinghal, PayPal defends against 150 major attack campaigns every day and works constantly with its industry partners to help eradicate fraudulent phishing web sites.
According to Daryl Pereira, head of KPMG Singapore’s cybersecurity division, 44 percent of successful cyber attacks involves phishing. Microsoft Corp., which hosted the forum where Pereira spoke, places the number at 77 percent.
Pereira added that the end-user judgement results in phishing, which began when electronic mail became the ubiquitous method of electronic communication.
Hence, PayPal said users should take certain steps to keep their accounts secure, one of which is scrutinizing the sender of the e-mail. When you get an e-mail from someone asking for personal information, look at the address, according to Shinghal. Fraudsters will often try and make it seem as if a message is coming from a company like PayPal, but something is always a little off, he explained.
“Look for red flags such as poor grammar or spelling, and URLs and domains that don’t match the sender,” Shinghal said. “For instance, if there’s a PayPal logo on an e-mail but the message appears to have come from an odd web site rather than paypal.com.”
Other warning signs include any e-mail that demands you respond urgently, asks for your social security number or banking information or includes suspicious attachments.
“Don’t click on e-mail attachments unless you are sure of its origins, and don’t click on e-mailed links unless you know where the link is going,” Shinghal added.
If you see a link in an e-mail, don’t click on it: It’s hard to determine where that e-mailed link will really take you. In the case of phishing, what you think is a legitimate URL could lead you to a fake web site designed to steal your username and password.