PayPal Smishing
Posted in News
Beware of SMS text messaging scams, known as smishing, purportedly from PayPal, designed to capture your login credentials and other sensitive data that could lead to identity theft.
When PayPal detects suspicious or fraudulent activity on an account, the account status gets set to “limited,” which puts temporary restrictions on the functionality of the account. This circulating smish states that your PayPal account has been permanently “limited” and asks you to verify your account.
If you take the bait, and click this link, your login credentials are sent directly to the thieves. But it doesn’t stop there. There is a further link to “Secure My Account” that lures the victim into entering even more personal data. This information can then be used to steal data from your other accounts.
I clicked the link! Now What?
If you clicked the link or entered any other account information through this text scam:
1. Go immediately to PayPal.com and change your password.
2. If you reuse your PayPal password on other accounts, change those as well. Always avoid password reuse.
3. Sign up for PayPal’s 2-factor authentication (2FA) in your Account Settings. In fact, sign up for 2FA wherever it’s available!
4. Contact CIRT@georgetown.edu if you have any questions about your Georgetown account.