Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Craig Hale

Watch out - that urgent PayPal email could be a phishing scam

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system

A new warning issued by the Federal Trade Commission (FTC) has urged internet users to be wary of new phishing email scams, supposedly coming from payment gateway PayPal and crypto wallet platform MetaMask.

The PayPal email warns customers that BNC Billings has canceled their payment to Binance, while the MetaMask email informed customers that their cryptocurrency wallet has been blocked.

Both are scams, and the FTC is asking that recipients forward such emails to reportphishing@apwg.org. They should not interact with the email, and delete it immediately.

PayPal and MetaMask phishing emails

The convincing email supposedly from PayPal is decorated with legitimate colors, logos, and fonts. It also includes a dud invoice, and in the body of the email is a phone number that links directly to the scammer who proceeds to ask unsuspecting customers for sensitive information, such as account passwords, payment detail information, and personal information.

Twitter user OF24com describes how the invoice appears to use the legitimate PayPal domain, helping to persuade even the savviest of PayPal users to share their information. 

While the PayPal phishing email uses alarming prices to frighten customers into action, the MetaMask scam employs a sense of urgency. The email reads:

“Due to the dramatic increase in our platform users, some wallets still need to manually perform the new upgrade. You must upgrade your wallets before [date] in order to keep your assets secure and accessible.”

In an effort to protect citizens, the FTC is advising victims to “slow down” and to assess the email and their circumstances more carefully. The advice is also not to click on any links - if a company has shared a message with you, you will usually be able to find it on the website, in your account (accessed directly via the website), or by phoning the company (again, directly from its website). Contact details shared in an email may not belong to the company in question.

Other general advice includes downloading and updating malware removal tools and endpoint protection software.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.