Cyber criminals are hijacking PayPal support threads on Twitter to steal customers’ details, according to security researchers.

Experts from Proofpoint found that scammers are setting up fake accounts and replying to customer queries in what they call angler phishing attacks.

Those behind the campaigns set up fake but realistic-looking PayPal accounts, reply to customers’ enquiries and send them to pages behind links.

From there, victims are sent to realistic-looking PayPal login screens. If they enter their details, they are then in the hands of the cyber criminals.

“Hi [name], we sincerely apologise for this,” one account tweeted to a complaining customer. “In order to regain access to your account, please visit [link].”

The researchers said they had seen two accounts targeting PayPal customers so far.

“In both of these cases, the fraudulent but realistic Twitter handle, landing page and login screen create a convincing lure that can entice users to enter their PayPal credentials into the fraudulent page, providing scammers direct access to their accounts and any funds in them,” they said in a blog post explaining the scam.

“PayPal is aware of the issue and is working with Twitter to resolve it.”

The financial service is just the latest firm to be targeted by angler phishing attacks.

Last month, cyber criminals were found to be posing as NatWest’s support team on Twitter to try and send customers to phishing pages.

They offered to “help” customers contacting the bank by directing them to “verification” links that asked for their banking information.

When dealing with firms on social media, users are advised to check the accounts they are dealing with. A missing blue tick or low follower account can give a fake profile away.

If they are asked to follow a link and log in, a non-HTTPS address or free web host domain can be telltale signs that there is something amiss.

You may also like...

Keep Up To Date - Subscribe To Our Email Newsletter Today

Get the latest industry news direct to your inbox on all your devices.

We may use your information to send you details about goods and services which we feel may be of interest to you. We will process your data in accordance with our Privacy Policy as displayed on our parent website