Late yesterday I received a strange text from "PayPal" informing me that a payment for $999.99 had just been declined.
It looks like we might have a new scam on our hands.
Here is a screenshot of the text:
While this is quite clearly a scam, it did give me pause. I had used PayPal to purchase something online roughly ten minutes before the text, but certainly not for that amount. And this is exactly how scammers get you — by sowing the seeds of doubt.
If you're ever unsure about a text or an email you get from someone unknown, or even a reputable brand, always err on the side of caution. Do some research online. And remember, never open hyperlinks in texts or emails from unknown senders.
Unsurprisingly, there is no record of the 'attempted transaction' in my PayPal account, so I reported the incident to Scamwatch. At the time of writing there were no similar incidents reported on the site. I also started Googling and checking social media to see if anyone else has had something similar happen to them recently.
So far I have found some similar incidents reported on Reddit, the most recent being in the UK from about a week ago:
While this isn't definitive proof (and I haven't found any Australian examples other than myself thus far), it's enough to convince me that someone has tried to scam me and that it's something to be looking out for.
If you have been the victim of a scam, head over to Scamwatch for advice and resources, and to report it.
Update 12:27pm Gizmodo reached out to PayPal for comment, and received the following statement:
The safety and security of our customer' accounts, data and money is PayPal's highest priority. We encourage customers to always be aware of the software, documents, files and apps they download onto their computers and mobile devices to avoid malicious software and to be cautious about clicking links within emails that may direct them to unsafe websites.
We proactively work with law enforcement agencies, industry partners and use our own systems to detect fraud, but we also remind customers to remain vigilant to protect themselves against criminals illegally gaining access to account credentials.
"Phishing" is an attempt to steal your information. Criminals pretend to be a legitimate business to get you to disclose sensitive personal information, such as credit and debit card numbers, bank information or account passwords. Phishing scams almost always imitate a well-known company complete with company logos, official looking email templates, or scripts that are similar to genuine communications.
Phishing can also come through your phone via voice or SMS. Smishing is when a scammer sends an SMS message to your phone number with a bogus phone number or URL.
We invest a lot of time and energy to make sure PayPal users are secure, and thieves know it. They may try to impersonate us to gain your trust so they can access your account.
If you're not sure whether a PayPal email or SMS is legitimate or not, here is what you do: don't click on any link in the email or text back to an SMS. Instead, go to PayPal.com and log in. If there is any urgent message for you, you will see it here.
There are plenty of clever scam attempts, and new ones are being created all the time. So despite your best intentions, it could still happen. If you think you may have fallen for a scam, here are some steps to protect yourself:
- Run an anti-virus scan on your system to make sure that you didn’t pick up a virus. Make sure that your system and anti-virus software are up to date.
- Change your account password, PIN, and security questions immediately. Do this for your PayPal account, email account, and other online accounts.
- Check your online account statement vigilantly over the next few weeks (and months) for unexpected actions.