Online shopping makes life much easier for us.  But it also makes life easier for the scammers and thieves. I’ve already written about some holiday online scams and helpful tips (see, December 3rd, “Tis the Season –to be Alert! Helpful Consumer Fraud Reminders” and December 12th, “FTC’s 12 Top Holiday Shopping Tips for Consumers”). Here’s a reminder about a phishing scam that’s been around for quite awhile but is proving resilient — and particularly so during the holiday shopping season.

How does it work?  You get an email that really looks as if it’s from PayPal.  The email says your payment has been received.  The problem is that it’s for an item you didn’t purchase.  The email has a link that you can click in order to dispute the charge.  That’s the hook —people who click on it get sent to a credible looking, but completely fake, site that takes login details and other personally identifying information.

Taylor Armerding has written an excellent article that includes guidance from the PayPal website (see, “PayPal phishing scams ramp up for the holidays”; http://www.cssonline.com).  As Mr. Armerding writes, people are likely to be more careful at other times of the year and know they hadn’t made purchases using PayPal. But during the holiday season, people could be buying items online from many sources so want to make sure payments have been received.  In the rush to do so, even the savviest Internet user could get caught in the PayPal phishing scam, or some variation on it.

How to avoid having your identity information stolen?  Here are just a few of the key tips:

  • Always go to the vendor’s own website and log in there to check on purchases — don’t click on a link that’s embedded in the incoming email.
  • If you don’t go the vendor’s website, then make sure to check the URL (website address) in the incoming email to make sure the email’s really coming from the supposed company.
  • PayPal does not ask customers in an email for such sensitive personal information as their SSN, or credit and/or debit card number or bank account number.  So don’t provide that type of personal information in an email.

Take the time to be extra careful about incoming emails so you can have an even happier holiday season.