WARNING PayPal Phone SMS Scams Getting Incredibly Real

So today I got a msg from 0458729725 with the following:

“PayPal: Due to Australian regulation, you cannot use or withdraw funds until your identity is verified. Log into your PayPal account on desktop and action urgently.”

I have been getting legitimate msgs from Paypal from this number in the past, however, something didn’t feel right (even though I’m not sure how they can use this to hack me without replying or clicking on a link?)…

I did some digging online and found out it is possible to fake/spoof a caller ID, so scammers are literally able to pretend they are from PayPal. There are literally hundreds of posts on Reverse Australia regarding this issue.

It seems that even PayPal themselves can’t verify whether they are real or not because PayPal actually use this number to send out text msgs…

This blows my mind, to think that a giant company like PayPal can’t do anything against caller ID spoofing.

What’s the point of mobile text authentication when you literally can’t verify if the text you received is from a legitimate source or from a spoofer? The only way would be to call the source and verify which defeats the whole purpose of text authentication…

thoughts?


Comments

  • +2

    I did get the same text yesterday from the same number. I just ignored it and didn’t even bother logging in to see if it was legit.

    However there were no links and it just advised you to log in so not sure how fake it could be?

    • that’s the thing i don’t get, and I want to get to the bottom of this because this is getting very widespread…

      what exactly can hackers/scammers do with these fake sms messages???

      I want to find out so I can expose these filthy scum and warn others.

      • +2

        Setting them up before knocking them down.

  • +3

    related shopback data breach?

    • hmmm possibly 🤬

    • +1

      I didn’t have shop back.

    • I am urgently awaiting advice from OzB 20 year expert in consumer affairs management, including privacy and identity protection. Who I know cares very much about this stuff.

      Can only hope PayPal don't use a customer service team leader 'from a certain country' or they are down the toilet as a company.

  • +13

    to think that a giant company like PayPal can’t do anything against caller ID spoofing.

    Scammers are gonna scam.
    Phishing scams exist for practically EVERY major company out there.

    Rule 1 - Don't click links on unsolicited messages or emails even if from known providers. ALWAYS log in to their website directly.
    Rule 2 - Never talk to someone from a known provider if they call you unsolicited. Hang up and call them directly.
    Thanks for listening to my TED talk.

    • +4

      stands and claps

    • So technically all text sms communication can be compromised :( Calling the source makes sms communication redundant if I can’t verify if a text I’m getting from a legitimate known number is real or not?

      • Nothing is compromised. It's just insanely easy for someone to send you an SMS and pretend it's from someone else. Don't trust unsolicited sms or email.

  • +2

    Use 2FA.

    • what’s that?

      • +4

        2 Fat Ankles
        a.k.a cankle

        • I was gonna say something different along the line of Sweet FA but anyway….

      • +2

        2 Factor Authentication.
        Basically when you log in to somewhere - in this case PayPal - you also need to submit a one time use code as well. With PayPal it is usually a code sent via text message, but depending on where you are logging into it could be an app on your phone or an email message or anything else.

  • +2

    Phones and text messages simply weren’t designed with security in mind.

    https://securityboulevard.com/2020/01/why-2fa-sms-is-a-bad-i…

  • I also got an email from a scammer recently who pretends they're PayPal, saying that my account had been locked.

    • +2

      Going by the emails I get, my Paypal is locked at least twice a day.

  • +1

    I think it was legit?

    I got it too. I have a feeling the trigger came from the Inglewood coffee (breach?) recently. That was the last time I used my PayPal account.

  • What’s the point of mobile text authentication

    Huh? There's no such thing as an authenticated SMS. The sender's identity is just a field in the text message, you can put whatever you want in there if you have the right software.

    There used to be web pages where you could send SMS and enter whatever sender info you wanted. I had a lot of fun pranking friends with that!
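What the comment above describes, shown at the message-format level (an added example, not part of the thread): a minimal decoder for the originating-address field of an SMS-DELIVER PDU as laid out in 3GPP TS 23.040. Both PDUs are constructed samples using a number from the range ACMA reserves for fiction; they differ only in the sender field, and every byte is accounted for by the header, sender, timestamp and text, with nothing that signs or authenticates the sender.

```python
# Added example: decode the sender field of an SMS-DELIVER PDU.
# Both PDUs are constructed samples, not captured traffic.

def unpack7(data: bytes, count: int) -> str:
    """Unpack `count` packed GSM 7-bit septets. Assumes only characters
    where the GSM default alphabet matches ASCII (letters, digits, space)."""
    bits = int.from_bytes(data, "little")
    return "".join(chr((bits >> (7 * i)) & 0x7F) for i in range(count))

def parse_sms_deliver(pdu_hex: str) -> dict:
    b = bytes.fromhex(pdu_hex)
    i = 1 + b[0]                      # skip the service-centre address
    first = b[i]
    i += 1
    if first & 0x03 != 0:
        raise ValueError("not an SMS-DELIVER PDU")
    if first & 0x40:
        raise ValueError("user-data header not handled in this example")
    oa_len, toa = b[i], b[i + 1]      # length in semi-octets, type-of-address
    i += 2
    raw = b[i:i + (oa_len + 1) // 2]
    i += len(raw)
    ton = (toa >> 4) & 0x07           # type-of-number bits
    if ton == 0b101:                  # alphanumeric: packed 7-bit text
        kind, sender = "alphanumeric", unpack7(raw, oa_len * 4 // 7)
    else:                             # digits stored as swapped nibbles
        digits = "".join(f"{x & 0xF:X}{x >> 4:X}" for x in raw)[:oa_len]
        kind, sender = "numeric", ("+" if ton == 1 else "") + digits
    dcs = b[i + 1]                    # b[i] is the protocol identifier
    if dcs != 0:
        raise ValueError("only the 7-bit default alphabet is handled")
    i += 2 + 7                        # PID, DCS, 7-octet timestamp
    udl = b[i]                        # text length in septets
    text = unpack7(b[i + 1:], udl)
    return {"sender_kind": kind, "sender": sender, "text": text}

# Constructed: sender +61491570156 (reserved fictional number), text "Hi"
NUMERIC_PDU = "00040B911694510751F600000201102100000402C834"
# Constructed: same message, sender field holds the text "PayPal"
ALPHA_PDU = "00040BD0D0701E1A660300000201102100000402C834"

if __name__ == "__main__":
    for pdu in (NUMERIC_PDU, ALPHA_PDU):
        print(parse_sms_deliver(pdu))
```

The phone displays whatever this field decodes to and threads messages by it, which is why a genuine and a forged message can land in the same conversation.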

  • When I logged onto PayPal on desktop I saw the exact same message.

    I just set up 2FA and got the code from the same number posted by OP.

  • +1

    If you get anything (SMS, email, etc.), unless you are expecting it because you requested it (or just signed up), never click on the links. Always go to the website (via Google non-ad links).

    Usually these scams work on people's instant gratification requirements, the facebook / instagram generation.

    Just take it really slow and watch the scammer squirm because they need to try to close you quick; the longer it drags on, the less legit it seems.

  • I've been getting banners on paypal receipts asking me to verify identity, I logged into paypal and it was just to confirm my address and gave me the option of opting in to Equifax credit reporting which I didn't choose to. They may just be trying to reach users by as many means as they can?

  • Yeah SMS spoofing has been a thing for over a decade. Anyone can do it with an SMS gateway.

  • +1

    It's legit.

    Since this happened, PayPal Australia have been under a lot of scrutiny and pressure in regards to KYC and anti-ML checks, which they were somewhat disregarding previously.

    Now they are playing catch-up, and some, if not most, will have to log in to PayPal and complete a quick ID check (and have the option to have it completed instantly if they give permission for PayPal to run it by Equifax's records).

    If you aren't even logged into PayPal, and go to the Australian Help Centre, you will see a message that says:

    Due to Australian regulatory requirements, you may need to confirm some information to keep using your PayPal account. This may include verifying your identity by logging into your account and following the notifications to resolve, or by visiting this Confirm Your Identity page. If you received an email from us that your identity has been confirmed or if you’ve already confirmed your identity, no further action is needed.

    • Well i just transferred some money out without doing anything and it worked, plus I logged into my app and it didn’t have any restriction notifications…

      I also sent a chat msg to support but they haven’t replied yet :/

      • I tried to send some money yesterday and it wouldn't let me without jumping through all those hoops so I did a bank deposit instead. Then bought something on eBay today no problems but the PayPal receipt contained a (legit) link 'Please confirm your identity'. After using PP for over 10 years why do they need to do this now? Will I have any problems if I don't do it?

  • Being cautious is one thing, but don't be paranoid. There is no link in the text and it's telling you to use your normal login method. How can it be a scam? It really is from Paypal.

  • I got this text too, and I looked up the number and lots of people are saying it's a scam, while others are saying it's legit… is "action urgently" usual English, I've never heard that kind of expression?
    Like others said, there's no fake link to follow, so if it is fake, what is there to be gained? I'm a bit suspicious of it, but I'm really not sure what to think. I'm going to try to contact paypal tomorrow.

    Also, when I logged into paypal, there was a message prompting me to allow them to share my details with Equifax - does anyone know what this means, and can I opt-out of it?

  • -2

    Hahahahahahaha stop right there…. hahahahahaha

    Incredibly real…. in what world? Like talking serpents and magic dishes… hahahaha.

    The very first sentence immediately rings alarm bells…. hahahahahaha

  • Hi, noticed reports of SMS spoofing, assume they want you to call back to an international pay-by-minute number OR at least confirm your phone number is connected.

    My latest login has ads for DL'ing the Paypal app.

    Also Paypal has weird definitions of "instore" and "online" - I have a BOQ account (shorter open hours, but great backup for payments) and Auspost Everyday Mastercard (rechargeable, much longer hours including weekends).

    BUT Paypal randomly chose BOQ for payment even when Card was preferred - mostly buy KFC - app, Domino's - app & MS xbox games - website or through console.

    PP seems to think some apps or websites are "instore" purchases even when nowhere near store.

    It's more reliable to use bank as preferred and enter bankcard into app manually each time.

    I do hate that BOQ takes 3, 4 or 5 days to show PP transactions. (BOQ uses log-on log-off terminology and has special accounts for doctors, nurses, teachers & some others).
