PayPal phishing scam

July 19, 2022 - 2 minutes read

If your small business utilizes PayPal, you will want to know about this PayPal phishing scam. Don’t allow yourself or your website to be part of the scam. According to BleepingComputer this cyber attack impacts both PayPal users and website owners. Cyber criminals are uploading a PayPal kit to unsecured WordPress websites. These PayPal kits are made to look like the real thing and trick unsuspecting customers into divulging their PayPal account credentials.

Secure your WordPress website

Cybercriminals are targeting WordPress websites with weak user credentials and installing the PayPal phishing kit. The PayPal kit looks similar to a real Paypal login and tricks the customer into giving them their username and password. The cybercriminal can now potentially access the customers Paypal account. 

Your WordPress account requires a long and complex password that you do not use for any other accounts. It is also highly recommended to enable multifactor (2-factor) authentication on your WordPress site to reduce the chances of an account takeover. These two steps, along with regular review of your site, will go a long way in preventing your site from being used by a cybercriminal.

Secure your PayPal account

Now that your website is secure, let’s secure your PayPal account. Just like your WordPress site, use a long and complex password and do not reuse that password for other accounts. It is once again highly recommended to enable multifactor (2- factor) authentication. Doing this, along with regular reviews of your account and bank statements, will help reduce the chances your account is hijacked.

Protecting your small business is never easy and we are here to help. Test your cyber knowledge and take our Learning Course. For more information on phishing cyberattacks and other small business cybersecurity resources, check out Small Business, Big Threat! For more on cyber policies, check out the Access Resources page.

Tags: ,