Security News > 2020 > February > PayPal SMS scams – don’t fall for them!
Crooks almost certainly can't get hold of a server name that ends with, say, paypal DOT com, but can create any number of subdomains that start with paypal DOT and end with some unrelated domain.
The suspicious-looking right-hand end of a full domain name often ends up invisible on a mobile phone because it won't fit in the address bar.
As you can see above, both websites use HTTPS, which denotes secure HTTP. Remember that HTTPS vouches for the security of the network communication between your browser and the website at the other end.
If you do supply the crooks with everything they're after, the crooks bump you across to the genuine PayPal home page.
If you click through to the scam again, at least within the next few hours, you won't see the telltale signs of the scam the second time around - you'll just end up redirected immediately to the final, real PayPal page shown above.
News URL
https://nakedsecurity.sophos.com/2020/02/05/paypal-sms-scams-dont-fall-for-them/