Phishing cases involving PayPal and MetaMask are on the rise. How do cybercriminals work and how can you avoid falling into these traps?
The online universe is full of potential dangers and fraud of various types. In this respect, some established, well-known platforms lead users, even subconsciously, to lower their guard a little. Cybercriminals, however, know this potential weakness all too well and very often exploit it for their own scams.
In recent weeks, a new kind of email phishing attack has emerged. It exploits the names of platforms considered reliable, such as PayPal or MetaMask, to steal sensitive data from victims.
It all starts with an email message whose subject line is designed to attract attention. Once you open the email, a formally worded text appears that tries to alarm the user with some kind of urgency, such as an account suspension or a supposed breach of the account.
The link offered to resolve the situation leads to a site which, in graphics and structure, closely resembles the platform's real one. Once you enter your credentials, however, it turns out to be nothing more than a well-crafted fake built to capture them.
PayPal and the phishing scam: how do they manage to fool even the most experienced users?
Given the rising number of cases and the increasingly refined social engineering techniques, the United States Federal Trade Commission (FTC) has sounded the alarm.
The same agency also reminded users that legitimate platforms do not usually ask for personal information and credentials via email. To avoid falling victim to phishing, whether it involves PayPal or other similar campaigns, the recommendations are as follows:
- Avoid clicking suspicious links and downloading any attachments;
- Check the links in the email you received: suspicious URLs that cannot be traced to the legitimate company easily point to a phishing attempt;
- Remember that the email address shown as the sender does not indicate the real origin of the email (email spoofing);
- If in doubt, contact the company directly through another official channel, whether support services or social channels;
- To prevent any type of infection, a high-quality antivirus that is kept constantly updated can be a good form of prevention;
- Also beware of phishing attacks that use evil proxies or similar mechanisms, which are systems designed to bypass forms of two-factor authentication.
Finally, it is good to remember that it is not enough just to avoid a phishing attack: it is also important to report any attempts.
This can be done directly with the platform or brand involved, or through specific authorities such as, in the European context, the postal police.