How scammers are targeting your personal details

Online shopping habits are intensifying and we often come across mention of PayPal, a legitimate online payment system.

Many online shoppers set up a PayPal account, which offers a relatively secure form of payment but doesn't make them immune to scammers.

Many shoppers don't set up their own account but use their credit card to pay for online purchases.

How the scam works

When the purchase receipt is emailed it often mentions PayPal, even if the buyer doesn't have an account, because the other participant in the transaction - the supplier of the goods - has a PayPal account.

So it doesn't seem unusual or alarming when you receive an email from PayPal, or someone pretending to be PayPal, suggesting it is time to get your account in order. It looks legit, headed up with its own email address of [email protected].

It is well written, headed "We need your help resolving an issue with your account" and goes on to say that PayPal understands it is frustrating that you don't have full access to your PayPal account. PayPal wants to work with you to fix this annoyance as quickly as possible.

What's the problem? the email asks. The reader is not aware there is a problem.

Answering its own question, the email continues: "It's been a little while since you used your account. For reasons relating to the safe use of the PayPal service we need some more information on your account."

You are given a fancy case number with many numbers and letters. It looks impressive. You are told it is all straightforward. PayPal just needs more information about your account or latest transactions, and all will be hunky-dory.

Then you are asked to click on a highlighted area, log into your account in the secure browser window, confirm you are an account holder and follow instructions. At the bottom you are thanked for your cooperation by the protection services department.

There is even a copyright code provided at the end of the email. This one nearly had me, except I don't have a PayPal account of my own. As far as I remember, I have never set one up.

So the alarm bells began to flash. Sure enough, NSW Fair Trading confirms it has received more than 15 reports related to PayPal scammers.

Fair Trading says it is a phishing scam, where you receive an email that looks as if it comes from a reputable organisation or financial institution.

The emails try to trick you into handing over your personal and other details. The "special" links in the email take you to a fake website that looks real, where you are expected to provide a batch of personal information that someone out there in the ether can use to siphon your bank account.

Signs of a phishing scam

According to NSW Fair Trading the two key warning signs for phishing scams are:

• Receiving an email, SMS or phone call out of the blue asking you to "validate" or "confirm" banking and other account details.
   
• You are regularly "reminded" or pushed to provide personal information, and discouraged from checking it is a genuine request.
   
• Don't fall for it. Don't click on any provided highlighted links because you don't know where you and the information you might provide will end up. And if they ask for money, particularly if it is through Western Union or any money wire service, don't send it.

Dos and don'ts

DO:

Regularly check your credit card and bank statements to detect suspicious transactions.

DON'T:

Send money or give personal details to people you don't know and trust.

DO:

Shred all documents containing personal information, such as credit card applications and bank statements.

DON'T:

Provide personal details if you are called by someone claiming they are from a bank or organisation. Instead, find the contact number through an internet search or check the back of your ATM card for contact details.

DO:

Log on directly to websites you are interested in rather than clicking on links provided in an email.

DON'T:

Send any money if you receive a request from a family member or friend abroad asking for money to help in an emergency. Contact them by phone to verify the request is genuine before sending any money or providing personal details. Scammers can get names of travelling family members from Facebook, pretend they are them and say they're in need of fast money.

DO:

Ask sellers some searching questions and try to get a conversation going to try to establish if they are genuine or scammers.

Get stories like this in our newsletters.