It’s no secret that Facebook is a favorite venue for crooks and scammers to seek out potential victims, but it’s certainly not the only place where they hang out.
There’s a new scam that targets frustrated PayPal customers making the rounds on Twitter right now, and it typically works something like this:
1 – A PayPal user gets frustrated over a problem he/she is having with the service and posts a complaint about it on Twitter.
2 – A scammer posing as a PayPal “Tech Support” rep replies to that Twitter post by telling the frustrated customer to click a shortened link in his/her tweet to visit the PayPal website in order to log in and have the issue resolved on the spot.
The problem is, the link posted in the scammer’s “Tech Support” tweet actually links to a fake, but authentic looking “PayPal” login page.
3 – Since shortened links are common on Twitter, this one doesn’t raise a red flag (although in this context it should). Eager to get the issue resolved, the frustrated customer clicks the link and enters his/her PayPal login information on the fake PayPal login page.
Just like that, the scammer now has the customer’s real PayPal login credentials which the scammer can use to log in and clean out the unsuspecting customer’s PayPal account.
Luckily, this is a very easy scam to avoid. All you have to do is avoid clicking on any links on Twitter that claim to take you to another service’s login page. Instead, visit that company’s website directly and log in from there.
If you do happen to accidentally click a link like the one mentioned above and find yourself staring at what appears to be a login screen, simply close the browser window without typing or clicking on anything.
And just to be safe, I recommend that you also run a thorough malware scan on your computer. This post explains how.
Bottom line: A real PayPal representative will never post a link to a PayPal login page on social media using a shortened link. If you need to log into your PayPal account for any reason, make sure you visit the official PayPal website directly and log in from there.