January 06, 2017

PayPal Phone Phish – Be Careful

The caller ID said “PayPal” so I picked up the phone. A dulcet woman’s voice said: “Hello, this is PayPal automated phone confirmation system. Please enter your PayPal confirmation pin.” I hung up so fast that I dropped the phone.

This wasn’t especially tempting because I knew I hadn’t paid for anything recently on PayPal and didn’t think Mary did. But whoever is doing this is making thousands and thousands of robot calls, so, statistically, they will catch some people who have just ordered on PayPal and will assume the call is legit. If I had just used PayPal, I might’ve been tempted; my broker calls to confirm wire transfers, for example.

Important points:

  • Caller ID and calling telephone number can be spoofed as easily as the sender’s email address on a phishing email. You cannot assume you know who is calling you.
  • Don’t be fooled by the fact that the call comes just after you’ve used a service. That is an amazing coincidence for you, but it’s also a statistical certainty that it will happen to someone if enough robo-calls are placed.
  • The only way you know whom you are talking to is if you place a call to a known number. If you get a call like this and think it might be legit, LOOK UP the number of the supposed caller and call back; it’s not safe to use a callback number in a voice mail.
  • Always insist that the person asking you for a confirmation give you the specifics of the transaction they’re confirming, even if you called them. The call I got was from a robot so I couldn’t have gotten any information even if I hadn’t hung up.
  • Don’t give information to robots that call you.

For information on phishing attacks by email, see Don't be Phished by Russians - or Anyone Else.

