According to the Hoax Slayer newswire, a forged email lands in a Skype user’s mailbox advising them that a top-up payment of £69.99 has been made via PayPal and – of course – offering them a fake PayPal site URL to check their account details with.
Since most users of the popular Internet telephony and instant messaging service use PayPal, Infosecurity notes, the chances of users being alarmed and 'clicking through’ on the URL are relatively high.
The newswire reports that the message is not a genuine PayPal transaction notification. It is a phishing scam designed to trick recipients into visiting a fake web site and divulging their login and financial details to Internet criminals.
Brett Christensen of the newswire notes that the message is a phishing scam designed to trick people into handing over their personal and financial details to scammers.
“The recipient has not been charged 69.99 GBP for a Skype TopUp as claimed in the scam message. In fact, the supposed charge is simply the bait used to trick people into clicking the 'refund’ link”, he says.
“The scammers bank on the fact that at least some recipients, panicked into believing that an unauthorized transaction has been made on their PayPal account, will follow the refund link in the mistaken believe that they can dispute the transaction and get their money back”, he adds
Christensen goes on to say that those internet users who do follow the link will first be taken to a fake web page designed to closely resemble the genuine PayPal website and asked to login with their PayPal username and password.
Once they have logged on to the fake site, they will then be presented with the following 'Refund Request – Identity Verification’ form which asks them to provide their credit card number and a large amount of personal information.
Commenting on the phishing campaign, the Softpedia newswire says that card numbers, bank account data, passwords, emails, driver license numbers and even names will never be requested from users in a legitimate email sent by PayPal.
“Always be on the lookout for shady sender addresses, links that point elsewhere but the genuine website, attachments, and most importantly, the false sense of urgency that's created in these scams”, notes the wire.