Organizations sometimes fail to consider the true risks that insiders pose to their cybersecurity. Yet, internal risks are every bit as dangerous and damaging as the external ones, even if there is not malicious intent.
Find out if any of these top 5 insider threats are occouring in your business today!
A PayPal text message phishing campaign is underway that attempts to steal your account credentials and other sensitive information that can be used for identity theft.
A new SMS text phishing (smishing) campaign pretends to be from PayPal, stating that your account has been permanently limited unless you verify your account by clicking on a link.
"PayPal: We've permanently limited your account, please click link below to verify," the smishing text message reads.
Clicking on the enclosed link will bring you to a phishing page that prompts you to log in to your account, as shown below.
If you log in on the phishing page, the entered PayPal credentials will be sent to the threat actors. The phishing page then goes a step further as it will try to collect further details from you, including your name, date of birth, address, bank details, and more.
The collected information is used to conduct identity theft attacks, gain access to your other accounts, or perform targeted spear-phishing attacks.
Yesterday, two other people I know received these phishing texts, so it is a very active campaign, and everyone needs to watch out for these messages.
Smishing scams are becoming increasingly popular, so it is always important to treat any text messages containing links as suspicious. As with all phishing emails, never click on suspicious links, but instead go to the main site's domain to confirm if there is an issue with your account.
If you received this text and mistakenly logged into your PayPal account or provided other information, you should immediately go to Paypal.com and change your password.
If you use that same password at other sites, change them there as well.
Finally, you should look out for other targeted phishing campaigns using the submitted data. BleepingComputer also suggests that you monitor your credit report to make sure fraudulent accounts are not created under your name.
To prevent identity theft, you can also temporarily freeze your credit report to stop banks and other companies from issuing credit under your name.