Are PayPal Phishing Attacks Connected to Recent eBay Hack?

Posted by Gabriela Nárožná, May 30, 2014, in Passwords & Security, Tutorials & Tricks

At the end of May, eBay announced that they had been hacked in the March-April timeframe: personal data from 145 million customer accounts was stolen! (If you haven’t changed your eBay password yet, please do it now – I’ll show you how. You can even watch the video.)

Since PayPal is a subsidiary of eBay, it’s probable that the recent spate of PayPal phishing attacks is related to the recent attack on eBay.

Over the past few weeks – roughly the same period in which eBay announced that they were victims of the hack – PayPal clients have been receiving emails with the subject “View your recent activity”.

The suspect email comes from paypal@e.paypal.com

Here are two examples of the PayPal phishing scam emails:

[Image: PP-1]

If you have received one of these or a similar email, and entered your login information, your login and password are unfortunately probably in the hands of hackers! Contact PayPal right away.

What to do if you receive a suspicious email from a bank or one of your vendors?

A suspicious email is anything that catches your eye as being not quite right. It can be a simple typo or something wrong with the logo, or very often, several strange email addresses in a single email.

Not all phishing attempts are suspicious looking, but many are. Be sure to look over any email that asks you to click on a link in order to make changes to your account – especially when the email was not prompted by you, or when it came without other prior notice from your bank.

  • Do not click on any of the buttons and links in the email.
  • If the suspicious email is from your bank or a company that you deal with personally, then call them on the number they have posted on their public website to find out if they really sent the email.
  • If the suspicious email is from a bank that you do not do business with, then flag the sender as spam and delete the email immediately.
  • Don’t be shy about telling your friends about that phishing attempt that caught your eye: when it comes to security, awareness goes a long way to protecting yourself!
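
The signs described above (several strange email addresses in one message, links that ask you to log in) can be partly checked by script. The following Python sketch is an added example, not part of the original post: the sample message is constructed, with only the From address and subject taken from this page, and the helper names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message, not a captured email. Only the From address and
# the subject come from this page; every other value is made up.
SAMPLE = """\
From: PayPal <paypal@e.paypal.com>
Reply-To: support@mailer.example.net
Return-Path: <bounce@bulk.example.org>
Subject: View your recent activity
Content-Type: text/html

<p>Please <a href="http://account-check.example.com/login">log in</a>
to review your account.</p>
"""

def base_domain(host):
    # Assumption: last two labels = registrable domain (no public-suffix list).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def address_domains(msg):
    """Base domain of the address in each sender-related header."""
    found = {}
    for header in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(header, ""))[1]
        if "@" in addr:
            found[header] = base_domain(addr.rsplit("@", 1)[1])
    return found

def link_domains(msg):
    """Base domains of every href in a single-part HTML body."""
    urls = re.findall(r'href="([^"]+)"', msg.get_payload(), re.I)
    return {base_domain(h) for h in (urlparse(u).hostname for u in urls) if h}

def review(raw):
    """Return warnings for addresses or links that disagree with From."""
    msg = message_from_string(raw)
    domains = address_domains(msg)
    claimed = domains.get("From")
    warnings = [f"{h} domain {d} differs from From domain {claimed}"
                for h, d in domains.items() if h != "From" and d != claimed]
    warnings += [f"link points to {d}, not {claimed}"
                 for d in sorted(link_domains(msg) - {claimed})]
    return warnings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

An empty result does not mean a message is genuine, because the From header itself can be forged. Legitimate bulk mail may also use a different Return-Path domain, so treat the warnings as prompts to verify with the company directly.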

For the PayPal phishing email:

  • Do not click on any of the buttons and links in the email.
  • Flag paypal@e.paypal.com as spam so your email account will spot future emails from this address and send them directly to the spam folder.
  • Forward the phishing email to spoof@paypal.com, where PayPal handles suspicious emails.

Most important is to take the same action that was recommended following the recent attack on eBay: change your password – on PayPal!

I’ll walk you through it step-by-step below. You can also watch the video.

How to change your PayPal password? It’s easy with Sticky Password.

Go to www.paypal.com and sign in to your account.

Click Profile.

Click Change in the password row.

Select the checkbox next to the Password and click Edit.

Your Current Password will be prefilled by Sticky Password. Enter your new password: for increased safety, we recommend using the password generator.

Click in the New password field and Sticky Password will offer to generate a strong password for you.

Click Generate password.

Set the desired length (we recommend at least 8 characters, but the longer the better) and any additional options you’d like for your new password, click Generate and then click Use this password.

Both password fields will be automatically filled in with your new strong password. Click Save.

Sticky Password will prompt you to save your new changed password.

Click Change password.

That’s it! Your PayPal password has been successfully changed, and you can relax and have the peace of mind to watch your favorite movie or go out to get some fresh air.