‘Tis the season to worry – not about nabbing that perfect last minute gift or making sure you pick up the correct type of cranberry sauce – it’s that time of year to worry about not getting your payment information stolen by internet scammers. Busy shoppers want everything to go smoothly, so when they see a “failed transaction” email from PayPal, they’re sent into a tizzy. The phishers behind these emails want users to panic, hoping they’ll hand over their information without thinking.

The newest PayPal phishing scheme involves an email claiming a “failed” or “unverifiable” transaction. The email urges the customer to follow a link to a “resolution center”, which is a fake PayPal site set up by the scammers. Users who haven’t yet noticed they are walking into a scam are prompted to enter their login credentials, physical address, phone number, and date of birth. If that wasn’t enough to throw up a few red flags, the site then requests mother’s maiden name and credit card information, including name, expiration date, card number, and security code. Unsurprisingly, three to five days later the customer will notice money missing from their accounts. Shocking.

Granted, the scam is pretty convincing. Unless the user is knowledgeable about potential phishing scams, it would be easy to fall for this PayPal scheme. Even more so, December is the perfect time to run a scam like this: users might not remember every purchase they made online, or they’re too busy to think through every email.

Don’t become a phishing victim this holiday season. Take a moment to stop and think about that alarming email in your inbox: does it make sense? Does it address you by name? Do you remember making that purchase? PayPal might not be the only phishing scam you’ll see – watch out for fake emails allegedly sent by  Amazon, Walmart, or other major e-retail companies.

If you have a concern about your account with a retailer, bank, or credit card company, go to the company’s website manually. Don’t click unverified links in email! See a suspicious email? Forward it to reportaphish@udel.edu.

Think B4 U Click!