First page of the Paypal archive.

Refund Pending – really?

Posted by Common Sense Security on 22. September 2012 with No Comments
in Phishing
as ,

Scams used to happen face to face,  on the phone or come by mail. Now they often arrive online, mostly through email, instant messaging, or a social network. The message can be general in nature or it can be very narrowly tailored. The most common name of such scams is phishing. One of the latest incarnations preys on PayPal users. It promises them a refund because of a mistake made by PayPal if they will only log into their account. A link is conveniently provided. However, when people imprudently click on that link they are taken to the fraudsters’ site, which imitates PayPal’s. Once fraudsters obtain all the personal information they need, they get access to your PayPal account and many other accounts of yours that use the same authentication information.

Be careful! Never follow the links in your email – only go to web addresses you know. If you get communication from your bank, an agency, or a merchant – go to a web address you normally use to bank, communicate with  that agency or shop. Call them if this is your usual way of dealing with whatever organization you think contacted you. It’s all too easy to copy a legitimate message and replace a legitimate link in it with a scam link to a malicious web site.

Whether a message gets you worried, excited, or concerned, do not click in a hurry. It’s better to take a sure route than to deal later with the consequences of being conned.