Did you get a takedown from the payment service? You may be exposed to fraud • Israeli data security company unveils new method for stealing credit information through phishing and SMS messages

ESET's information security company warns of phishing scams, which are intended to collect customer and credit information from citizens in Israel, using PayPal and allegedly e-mails from PayPal to collect personal information from users.

In messages that are distributed, and in Hebrew, slightly messy (such as Google Translate), it says: "Hello sir. There is a problem with your Pay.Pal account. Sign in now to activate your account." And while there are some details that may increase their credibility, it nevertheless lights a red light for you. First, the sender's name is Pay.Pal, with a separating point in the middle of the name.

The address is https://bit.ly/paypla. Such a link seems relatively reliable to most people, but those who pay attention will notice that the link is sent to a URL shortening service, in this case a bit.ly service, which is commonly used by criminals, especially phishing attempts. In addition, you can see that instead of PayPal, write PayPla, a common method of exchanging the last two letters.

"It appears that the sites are not really checking the card details they entered, but they are informed that the card details are incorrect. Of course, the card details, correct or not, are documented on the attackers' servers," notes ESET. "Attaching all the details of a name, phone number, credit card and ID number allows attackers to use or sell the information collected to easily make purchases at the victim's expense.

In messages sent by attackers they ask you to activate your PayPal account, and if you click the button you will go to an impostor site where you will need to enter your email and password, and in the following pages also personal information and credit card number. It should be noted that every detail that is entered at this stage is acceptable, which indicates that the information entered is accessible to the attackers.

Once all the details have been completed, PayPal will officially come to the site, presumably in order to increase the reliability of the attack. Another email from attackers asks users to "renew the data" to reactivate the completely disabled account. You can see that the title is already in Hebrew, but the wording is poor ("You must renew your data").

In the meantime, the referral language is no longer Hebrew, but English, and it is worth noting that the address from which the email was sent is not official of PayPal and was sent from "migodkh1.com". And that's not all, many Israelis have received messages that impersonate PayPal in other ways, and under various phone numbers and links. Among other things, one of the messages reads: "Your PayPal account is activated and you need to resolve the issue within 24 hours."

The information security company recommends that in the event that an email is received from a service provider, it is very important to connect to the vendor site individually rather than from the link in the message received and to check if there is a request to update the details. Account details need to be updated.