On mobile, so apologies if I missed any subreddit rules that this post may violate, but I didn't know where else to put this and wanted to get the word out.
I just experienced an attempted PayPal phishing scam that was pretty devious and I'd like to prevent anyone from falling victim to it. First, I got a (genuine) text with a PayPal security code. Shortly after that, I received a phone call (that turned out to be spoofed) from 402-935-XXXX (a number that is actually connected to PayPal). I answered, and an automated voice asked me for my telephone passcode/PIN.
I'm certain the goal was to obtain the telephone pin and then immediately use it to call PayPal and request assistance with a password reset. PayPal would see the genuine attempt to reset the password, they'd spoof the call to appear as though it came from the registered number, and then use the telephone PIN to convince the rep that it was a legitimate request.
PayPal's fraud department has a log which records all contacts initiated by PayPal, which was how I learned (after changing my password and calling to report what had happened) that the text was genuine and the phone call was not. I hope we can spread the word and prevent people from getting scammed and this seemed like a good place to start since I know your subreddit's thing is helping people with money, so... hopefully this is related enough?
Side musing: after I reported the scheme, they asked me to report it to a different department that could actually alert the right people to do something about it on the PayPal side and transferred me to them and I've now been on hold for a total of 75 minutes, so... I kinda think reddit might have a chance of being a more efficient way of doing something to help stop the scammers.
Submitted September 05, 2017 at 10:12PM by jaymdee http://ift.tt/2wEtWth
