December 6, 2016 Leave a comment PayPal and Amazon phishing scams spreading now By Francis Navarro, Komando.com 24,96424.9k 'Tis the season to be jolly and the holiday shopping rush has begun. For sure, with the influx of holiday promotions, online receipts, shipping data and tracking information, your email inbox is probably inundated with messages from retail outlets, online and brick-and-mortar stores alike.These holiday emails can get overwhelming and of course, the ever opportunistic scammers will, once again, try and slip a quick email scam on unsuspecting shoppers. We even warned you about how scammers will try and fool you with various techniques like misspellings and typosquatting. But still, email phishing scams remain the most widespread method for stealing customer information. Popular phishing campaigns include favorite online shopping destinations like Amazon and payment service PayPal and they typically skyrocket during the holiday season.So before you make that list, better check your emails twice.Here are two spreading phishing scams we have personally spotted lately:Amazon Order Phishing ScamBeware if your inbox has a purported email from Amazon with this subject line: "Your Amazon.com order cannot be shipped." That email is most likely a phishing attempt.The email contains this message:Hello, There was a problem processing your order. You will not be able to access your account or place orders with us until we confirm your information. Click here to confirm your account. We ask that you not open new accounts as any order you place may be delayed.For more details, read our Amazon Prime Terms & Conditions.Unsuspecting recipients who click on the provided link for "account confirmation" will be directed to a fake but convincing "Amazon" webpage where they are asked to re-enter their names, address and credit card information.The whole thing is a sham, of course, and if you enter your information and click "Save & Continue," it is game over, the scammers will now have everything they need. To keep your suspicion down, they will even redirect you to the real Amazon website when the phishing process is complete.PayPal Limited Account scamAnother phishing campaign that's making the rounds is this "Limited Account" scam that's claiming to be sent by PayPal's "Security Team."The fake PayPal email's subject line is "We have limited your account temporarily."It begins with "Access to your PayPal account has been limited" and it even includes a PayPal logo image.The rest of the message reads:Dear Valued Member,There seems to be quite a number of login attempts that we have detectedthat led us to believe someone was trying to use your accountwithout your knowledge.Furthermore, we have limited your account in the mean timeuntil we hear from you. Normally, there can be a number ofreasons why PayPal limits an account. For your situation, yourPayPal account was limited to add greater security and toprotect you.When an account is limited, there are certain actionsthat PayPal prevents you from doing; this usually includessending, receiving, or withdrawing money.We ask that you open the attached file that wehave sent in this email. It is a form that youshould go through to verify your identitywith us.After submitting the form, our security team can then carefully review yourinformation that you have provided and lift off the limitation. It shouldn't taketoo long for us to process.We apologize for the inconvenience.Thank you,PayPalClicking on the attached HTML file will then lead you to a fake PayPal profile update page that claims to remove the "limitations" on your account. As usual, the page has required fields for your name, address, credit information and even your social security number.Notice, too, that even though the sender's name is "PayPal Security Team," its email is actually from "security.payservices.net," a domain not associated with PayPal by any means, which is the case with any address that does not have the paypal.com suffix.If you receive an email of this kind, please don't click on the file attachment. You can just delete the email or better yet, forward it, together with the header information, to firstname.lastname@example.org.Avoiding phishing attacksCriminals are always trying to stay ahead of the curve, delivering malicious links in numerous ways. Here are some things you can do to avoid being a victim of phishing scams:Be cautious with links - If you get an email or notification from a site that you find suspicious, don't click on its links. It's better to type the website's address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn't what the link claims, do not click on it.Check for https - If you're divulging sensitive information to a website, especially on money transaction, always double-check if you are on a secure connection, signified by a padlock and the prefix https on the address bar. Hovering your cursor on a link or copying and pasting from your clipboard will reveal if a link has a https prefix or not.Double check the URL spelling - When typing a URL into your browser, take the time to verify you're spelling it correctly. With typosquatting, misspelling a URL could lead to a phishing scam.Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos. Before clicking on a link, hover over it and check for spelling. The safest move is to type the URL into your browser, with the correct spelling of course.Use multi-level authentication - When available, you should be using multi-level authentication. This is when you have at least two forms of verification, such as a password and a security question before you log into any sensitive accounts.Have strong security software - Having strong protection on your family's gadgets is very important. The best defense against digital threats is strong security software. More news stories you can't miss:Online credit card fraud skyrocketing - Protect yourself with these stepsHoliday shipping deadlines for 2016New "insert" ATM skimmers are entirely invisible and take seconds to install Please share this information with everyone. Just click on any of these social media buttons. Source: Inc Security & Privacy Amazon eBay PayPal phishing BREAKING NEWS, TIPS, AND MORE LIKED WHAT YOU READ? GET MORE IN YOUR INBOX FREE. Stay up-to-date the easy way. SIGN ME UP! Previous Happening Now Amazon Go lets you skip the checkout line at the grocery store Next Happening Now 85 million online accounts stolen by hackers - One in five have passwords tied to them Related Articles Make Amazon, Facebook and your other favorite services smarter 5 ways people are getting scammed online Secret eBay selling trick to help you earn top dollar Cloud services: How do they compare?