Stay one step ahead of the fraudsters with our series of articles giving you the lowdown on the scams they use to trick people out of their hard-earned cash - and how to avoid being taken in by them.
This week, how fraudsters are targeting PayPal customers with fake Twitter accounts.
How does it work?
PayPal users are being advised to Tweet with caution following reports that scammers are tricking customers into handing over their bank details by posing as PayPal customer support.
Known as "angler phishing", attacks of this kind are becoming more common on social media sites, with fraudsters setting up accounts mimicking those of reputable companies or service providers in order to target customers who reach out for help.
In this instance, PayPal customers who tweet using the official @PayPal handle are being contacted by criminals claiming to be from the payments organisation.
And those tricked into believing the Twitter account is genuine are being directed to links that ask them to give up sensitive account information.
Cybersecurity firm Proofpoint said: "In both of these cases, the fraudulent but realistic Twitter handle, landing page, and login screen create a convincing lure that can entice users to enter their PayPal credentials into the fraudulent page."
The official PayPal support account on Twitter is @AskPayPal, so any other supposed PayPal accounts should be treated with extreme caution.
To protect yourself against other, similar scams, meanwhile, it's worth double checking a company's Twitter page and website before replying to any messages from supposed customer support services.
As always, the best way to protect yourself is to err on the side of caution, particularly when you are asked to share sensitive information.
I've been defrauded. What should I do?
If you are caught out by an "angler phishing" attack on Twitter, or contacted by an account that looks suspicious, you should report the dodgy account to Twitter so that it can take action to get it closed down.
If you have given out your PayPal or bank account details, you should also contact the relevant company immediately to secure your account.