In a Christmas time phishing scam, cybercriminals created a fake Twitter account, claiming to be affiliated with PayPal. From the account "@PaypalChristm", the scammers tweeted, "paypallchristmasgifts.com log onto your account. verify your details. for your chance to be in Paypal's new year draw."
The tweet did not specify prizes, but showed a photo of some iPhones and a new Maserati. The fraudulent tweet showed up on thousands of users' timelines as a promoted tweet.
If a user clicked on the link contained in the tweet, he or she was redirected to a spoofed login page that looks identical to the PayPal login page, although the web address is different. Once the victim logs in, the site asks for the user's bank account information.
Twitter has removed this phishing scam, but similar scams could take its place in the future. Olivia Morelli "PayPal phishing scam promoted on Twitter asked for personal details" 2-spyware.com (Jan. 04, 2019).
Commentary and Checklist
Most phishing scams have the same goal - to steal money. Knowing the motive is helpful, but also knowing how phishing is presented to staff is important for preventing financial crimes. That is why training on phishing prevention is vital.
However, training is not fool-proof. It is also important to know how to respond if your identity or financial information is compromised.
If you believe that your data might have been compromised, you should contact one of the three credit reporting companies to place a free initial fraud alert on your credit report.?Also, order a free credit report from one of the credit reporting companies and look for any unauthorized charges.
File a complaint with the FTC and use the FTC Identity Theft Affidavit to contact the police and create an Identity Theft Report. Keep records of all communication regarding the possible identity theft. You should also check all household computers and devices for malware. If a cybercriminal might have access to your financial information, contact your financial institutions immediately so they can close your account and correct any possible fraudulent charges.
Consult the FTC's website at consumer.ftc.gov for more information about how to recover from identity theft.
According to the Federal Bureau of Investigation and the Federal Trade Commission, signs that you have had your identity stolen include:
- Unauthorized charges appearing on your credit or bank account;
- Being denied a line of credit for poor credit ratings, despite a history of good credit;
- Failing to receive credit card or bank statements in the mail as expected;
- Being contacted by creditors about money owed for items you did not purchase;
- Failing to receive a new or renewed credit card in the mail;
- Merchants refusing your checks;
- Medical providers billing you for services you did not receive;
- The IRS notifying you that more than one tax return was filed in your name; and
- An organization that you have an account with notifying you of a possible breach.