A revived email scam in the form of a fake PayPal invoice for a Google Pixel phone is making the rounds, and email users are warned to immediately report and delete it.
"Online scammers are always on the lookout for new and innovative ways to trick people into giving them their personal and financial information," writes MalwareTips' Stelian Pilci.
"Such scams just never fade away. This week, they’ve appeared again disguised as Google Pixel phone order confirmation emails," according to Trend Micro.
How does the PayPal Pixel scam work?
The scam begins with an emailed invoice or text message purportedly from PayPal. Since the scammers create a PayPal account specifically for this purpose, the email may, at first glance, appear legitimate.
It's not.
In one version of the scam, the subject line may say "Invoice from Pixel (0223)," as MalwareTips explains.
The message inside the email will likely say Pixel, a popular smartphone developed by Google, has sent an invoice which is due on receipt.
Clicking on the link in the email will send victims to a fake PayPal login screen that closely mimics the real thing. Once you enter your PayPal login details, the fraudsters have access to your account, from which they can steal personal and financial information.
In addition, clicking through on the link may infect your device with malware.
To snag more savvy consumers who raise an eyebrow at clicking through on a link that seems sketchy, the scammers also provide a phone number. In one current version of the scam, that phone number is 1-808-320-5276, Trend Micro explains.
The "customer service" phone number is not PayPal's. If you call it, you will hear from the scammers posing as PayPal representatives who will try to convince you to hand over your sensitive information.
People who receive the email should not click any links, nor open any attachments, nor provide any information whatsoever to the scammers. Instead, users should delete the email and report it as spam, experts advise.
The screenshots below represent how the scam may appear. Consumer Protection of Western Australia posted the screenshot compilation on Facebook in February as scam alert, urging people to remain vigilant and to report any phishing attempts that hit users' inboxes. In the United States, references to AUD would be replaced with American dollars.
What should phishing victims do?
Phishing scams are designed to steal passwords, account numbers, credit card information, social security numbers, and other sensitive data, according to the Federal Trade Commission.
The FTC advises those who may have been a victim of a phishing scam to report it to IdentityTheft.gov. This is particularly important when banking information and other sensitive data may have been compromised.
The FTC suggests four actions to prevent becoming a victim. Those preventive actions include using security software on your computer, setting your phone to automatically update, using multi-factor authentication for your online accounts, and regularly backing up your data.
Post a Comment