The phishing email scam flow just doesn’t stop and in some cases seems to be increasing. I’ve received Apple and PayPal phishing scams recently and I want to share those with you today. It’s extremely important to share these scams with you so that you’re aware of what’s going around through email and other methods.
In one of my most recent articles, I talked about a phishing scam that appeared to be a PayPal email. I was able to show what happens when I clicked on the link inside the fraudulent email and it took me to a site designed to look like PayPal’s actual log in page. It’s scary how nearly identical it looked to PayPal’s actual page. You can read more about it by clicking here.
Now it’s time to take a look at a few of the recent PayPal scams I received as well as one that claims to be from Apple. I will look at what these emails say, what red flags are present, and what you can do to alert the actual companies that these scams are landing in people’s email inboxes.
PayPal Phishing Scam Number 1
This particular scam came into my inbox early this morning. I paid attention to it because it said service@paypal which is something that PayPal does use, but only to let you know of a recent transaction that happened on your PayPal account that was authorized.
In this instance, it was used to tell me that my account had been suspended. That’s one of my biggest red flags right there: what it says in the email header. If it says that something has happened to my account, I can tell that it’s not going to be a legitimate email from PayPal.
PayPal never sends an email with the email@example.com address in regard to there being an issue with your account. Now when I click open the email, the first thing I notice is at the very top it says that my PayPal account is temporarily limited. I’ve received phishing emails in the past that have mentioned temporarily limited before, but they said it in a way that didn’t make any grammatical sense. Needless to say, when I saw that, my suspicions grew even more that this was a scam.
I will have to say though when reading the rest of the email, I didn’t really find any grammatical or spelling errors which is kind of scary because it shows that the scammers are getting better at making their scams look more authentic and could make people believe it really is from PayPal.
What’s interesting, or very worrisome, is that they also use the PayPal logo to try to make it look authentic. Now the email says that they’ve noticed suspicious activity on my PayPal account and have temporarily limited the use of certain features on my account such as the ability to send and receive payments as well as withdraw any funds.
The next thing is that they have a button that contains a link that’s supposed to take you to PayPal, but I will tell you right now that it absolutely does not take you to PayPal. When I clicked it, I got a red warning message that the site I’m trying to go to is deceptive and may try to trick me into doing something dangerous such as installing software or revealing personal information such as passwords, credit cards, and more.
Needless to say, I did not proceed to that website, but I wanted to show you what could happen if you click a link inside a fraudulent email. If you’re truly worried that something really has happened to your PayPal account, what you can do is open a separate browser and go directly to PayPal that way instead of clicking the link inside the email. What will more than likely happen is that once you log in to your PayPal account, you’ll see that everything is fine.
The biggest way to detect whether or not an email is fraudulent is to look at the email address it came from. Now it may initially say firstname.lastname@example.org, but if you click open the email and look at the top, you’ll see a completely different email address and it will not even remotely look like something from PayPal. Here’s what the actual email address looks like: noreply-56652262-56652262-56652262-56652262-5665226256652262@91. Does that even look like a legitimate email address from PayPal? It looks like mostly a long set of repeating numbers.
As you can tell from that email address, it’s not from PayPal at all and that’s what you always want to check first before anything else. If you see something like this or something similar and it doesn’t have @paypal in its email address, you can put your mind at ease knowing that it’s not from them and that you didn’t fall for the scam. What should you now do with an email that you know is fraudulent? I will tell you after taking a look at a couple more examples of phishing scams that I received.
PayPal Phishing Scam Number 2
The second phishing email that I received came into my inbox last week on October the 14th. It used the same type of email@example.com email cover to make you think it’s from them, but just like the first one, the email header gives it away that it’s not legitimately from PayPal. The header says that my account has been suspended and then it has, in parentheses, some kind of reference number.
Once again, if PayPal sends an email that shows service@paypal, it means that a transaction has processed on your account, NOT that your account has been suspended. Also, like I said earlier, if you’re worried about your account, just go to PayPal in a separate browser and log in that way, as you’ll see that your account is ok.
Now the message inside the email is similar to the first phishing scam. It says that my account has been temporarily restricted because they supposedly found suspicious activity on credit cards linked to my PayPal account. The thing is though, I have no credit cards linked to my actual PayPal account so I know this email is fake.
I did click the link in the email to see where it would take me, but nothing loaded on my screen and my virus protection let me know that it blocked me from a phishing website. Links in these types of emails will almost always take you to phishing sites that will try to steal your information such as your log in information and in this case, it would’ve been your PayPal log in information.
The actual email address does not match the service@paypal one. Here’s what the actual email address is: firstname.lastname@example.org. The address is nothing but a long series of numbers and letters and then it ends in .org.
If you’re in doubt about anything else in the email, always check the email address as this will almost always give it away. You’ll be able to tell immediately whether the email truly is from PayPal or not. Now I want to take a look at one last phishing scam that I received that claims to be from Apple.
An Apple Phishing Scam
This particular email phishing scam is interesting, but still a dangerous one and doesn’t have a link to click on inside of it. What it does have though is a downloadable PDF. It is extremely important that you DO NOT download that PDF file! Don’t even try to open it in a preview.
That PDF will have either some kind of virus or malware on it that will try to infect your computer. It could also be what’s called ransomware, where all files or certain ones will be locked on your computer and the only way to get access to them again is to give in to the demands of the scammers.
They’ll usually ask for some type of payment and these days it’s usually in the form of cryptocurrency. Usually they’ll ask for payment in the form of the Bitcoin cryptocurrency, but there are others, such as Ethereum and Litecoin. Even if you pay them, there’s no guarantee that they’ll grant you access to those files and there’s always a risk they could demand more.
There’s no guarantee that what’s in that PDF file is ransomware, but for you it’s wise not to risk it. It could also contain malware designed to record log in information and passwords to sensitive places such as your online banking, credit cards, and more.
Now the email claims it’s from Apple as they use the email cover Apple Support, but when you click inside the email and look at the actual email address at the top, you’ll see that it definitely is not an Apple email address. It looks a little similar to the email address from the PayPal phishing scams.
Another thing is how they address you in the email. If you truly have an account with them, and this goes for the PayPal scams as well, you would think they would address you by your first name. No, instead they use Dear Clients. Sorry, but if you can’t use my first name, then I know it’s not a legitimate email from any company.
Now that you’ve seen the examples of these latest phishing scams that I received, and you may have realized that you’ve received similar ones as well, you might ask what should you do next with these bad emails? That’s what I’ll talk about next.
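The red flags from the three examples above (a display name that names the company while the real address sits on another domain, a suspension or limitation subject line, a generic greeting, a PDF attachment) can also be checked mechanically. The Python below is an added example, not part of the original article; the brand-to-domain map, the flag names and the sample messages on reserved .example domains are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: illustrative brand -> sending-domain map, not an official list.
BRAND_DOMAINS = {"paypal": "paypal.com", "apple": "apple.com"}
ALARM_WORDS = ("suspended", "limited", "restricted")
GENERIC_GREETINGS = ("dear client", "dear customer", "dear user")

def red_flags(raw):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    for brand, good in BRAND_DOMAINS.items():
        if brand in display.lower() and domain != good and not domain.endswith("." + good):
            flags.append("sender-mismatch:" + brand)
    if any(w in msg.get("Subject", "").lower() for w in ALARM_WORDS):
        flags.append("account-alarm-subject")
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "application/pdf" or (part.get_filename() or "").lower().endswith(".pdf"):
            flags.append("pdf-attachment")
        elif ctype == "text/plain":
            text = part.get_payload(decode=True).decode("utf-8", "replace").lower()
            if any(g in text for g in GENERIC_GREETINGS):
                flags.append("generic-greeting")
    return flags

def build_sample(display, addr, subject, body, pdf=False):
    """Build a constructed test message (reserved .example domains for fakes)."""
    m = EmailMessage()
    m["From"] = f'"{display}" <{addr}>'
    m["Subject"] = subject
    m.set_content(body)
    if pdf:
        m.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                         subtype="pdf", filename="notice.pdf")
    return m.as_string()

PAYPAL_FAKE = build_sample("service@paypal.com", "noreply-0000@mailer.example",
                           "Your account has been suspended (Ref 0000)",
                           "Dear Clients,\nWe noticed suspicious activity.\n")
APPLE_FAKE = build_sample("Apple Support", "billing@notice.example",
                          "Your receipt", "Dear Clients,\nSee the attached file.\n", pdf=True)
CLEAN = build_sample("service@paypal.com", "service@paypal.com",
                     "Receipt for your payment", "Hello Alex,\nYou sent a payment.\n")
if __name__ == "__main__":
    print([red_flags(r) for r in (PAYPAL_FAKE, APPLE_FAKE, CLEAN)])
```

An empty result is not proof that a message is legitimate, because the From header itself can be forged; the check only catches the mismatch between the displayed name and the real address described above.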
What to do with Fraudulent Emails
Since you’re now able to spot phishing emails and have not fallen victim to them, you might wonder what you should do with them. The easy thing to do is just delete them and there’s nothing wrong with that. However, the legitimate companies that the emails claim to be from might want to know what’s circulating out there.
They want to know who is trying to mimic them so that they can try to put a stop to it and prevent people from falling victim to these scams. Fortunately, PayPal and Apple have ways to report suspicious emails. What they’ll want you to do is to forward those emails to a specific address.
The address to forward a fraudulent Apple email scam is email@example.com. You can also find other useful information regarding phishing scams by clicking here.
PayPal has a very similar setup and they’ll want you to send PayPal phishing scams to this address which is firstname.lastname@example.org. PayPal also has some other useful information regarding phishing scams and you can click here to read all about it.
PayPal and Apple aren’t the only companies with ways to let them know about phishing scams. Amazon and Netflix are other popular companies that scammers like to try to mimic as well and I’ve shared some examples of those in some of my past articles.
Always Keep A Watchful Eye In Your Email
Now that you know about some of the Apple and PayPal phishing scams, you can share with others so that they don’t become victims of these horrible scams. You always want to keep a watchful eye on your email and never let your guard down.
If something seems odd to you or you’re just unsure, forward it to the company’s email that they provided and they’ll at times let you know if the email really was from them or if it was a phishing scam.
Again, make sure you never click links inside emails you believe to be fraudulent. They’ll more than likely take you to phishing websites that try to capture your log in information, so that the scammers can then do some serious damage to your account with whatever company they’re pretending to be.
You also don’t ever want to download any file from these phishing emails if they appear to have a downloadable file, especially one that’s in a PDF form. As long as you take the steps I talked about in this article as well as my past articles, you’ll ensure that you never become a victim of an email phishing scam.