Watch out - that PayPal email could be a phishing attack

Cybercrooks love impersonating PayPal

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

PayPal is the world’s most popularpaymentsystem - for threat actors trying to trick people into giving away their login credentials, new research has claimed.

Analyzing phishing campaigns taking place throughout 2021, AtlasVPNresearchers found that almost two in five (37.8%) of all financial phishing attacks impersonated PayPal.

The premise is simple - the threat actors will set up a landing page that looks almost identical to the PayPal login page, and will create an email that mimics the looks and the feels of a newsletter, notification email, or warning from the company.

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time. Thank you for taking part.

Click here to start the survey in a new window«

Amazon and Apple in the crosshairs

Thatemailwill always hold a link, inviting the victim to log in with theirendpointsand sort out whatever troubles await. That link, however, instead of driving the victim towards the actual PayPal login page, will lead them into the fake landing page where, if they’re gullible, they’ll give away their passwords to the attackers.

Besides PayPal, cybercriminals also love impersonating Mastercard. As the second most-abused financial payment brand, Mastercard was impersonated in 12.2% of phishing instances. The goal, in these attacks, is to obtain credit card information.

With a 10% market share, American Express took the third spot.

What is phishing and how dangerous is it?>Phishing attacks hit more businesses than ever last year>LinkedIn is becoming a paradise for phishing attacks

“To avoid getting tricked by a phishing attack targeting payment systems, users should keep in mind several things,” says Atlas VPN cybersecurity writer Vilius Kardelis.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“Websites impersonating popular brands will always have suspicious domain links, which can help to recognize whether the page is legit easily. Also, emails from scammers might contain grammatical errors, so keep an eye out for that.”

Payment services aside, threat actors also love to impersonateecommercebrands, withAppleandAmazonbeing the most abused brands. Almost half of all phishing attacks that used an ecommerce brand (48.78%) chose Apple, while Amazon was used in 21.48% of cases.

With 5.32% of the market share, eBay takes the third spot, followed by Alibaba with 4.14%.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Quordle today – hints and answers for Friday, November 8 (game #1019)