PayPal Email Scams and How To Avoid Them
It’s time to take a look at another common phishing email! If you’ve been following my series, you’ll have read about the ones I’ve talked about regarding Netflix and Apple. In my last article, I talked specifically about an Apple ID Email Scam and how I avoided becoming a victim of it. You can read more about that here if you haven’t already.
I took a look at such things as the email address it came from, the email header itself, spelling and grammatical errors and also the fact that the email failed to address me by my name which is one of the biggest red flags out there. If it were a legitimate email they would address me by my first name since I have an account with them.
Today, we’re going to take a look at a common PayPal email scam. This one tends to be a little bit more worrisome for the simple fact that PayPal deals with money and finances primarily the transfer of money so extra care needs to be taken when trying to figure out if an email from PayPal is legitimate or not. Let’s go ahead and take a closer look.
Fake Order From eBay
In this particular email that is supposedly from PayPal, it has payment information from an order of a product from eBay. Upon looking through it, it says that I sent a payment of $41.00 to a seller off of eBay. The crazy thing is, there is no name of the seller in this email and the supposed shipping address is somewhere in Oakland, California and I certainly don’t live there.
This is a major scare tactic by scammers trying to think someone hacked into your PayPal account and made an unauthorized purchase from eBay with your PayPal account information. They want you to be so worried about this that they’ll provide a few links to click so that you can log into PayPal’s website with your login credentials. The problem is that the website is NOT PayPal at all and is designed to capture your login information so that they can use it to get into your actual PayPal account do some damage, more than likely some financial damage which could also lead to identity theft.
You never ever want to click on links from an email like this. If you truly want to login to your PayPal account to make sure everything is ok, do so by opening another web browser and typing in the actual website address of PayPal and then login. I’ve done it that way numerous times to make sure everything really is ok with my account and avoid giving away my login details to unauthorized people/scammers.
Again, this type of fraudulent email is designed to cause you extreme panic and concern so much so that you won’t be thinking that something else is wrong other than a purchase you know you didn’t make and are supposedly being charged for (which you aren’t). I want to take a look at some other things in this email that should throw up immediate red flags.
Email Address
Checking the email address of an email that you suspect might not be from the company it claims, should be the very first thing you do. As I’ve mentioned in some of my other phishing email articles, an email from a legitimate company that you have an account with should have @paypal, @netflix, @apple in the email address. The email address from this particular email is as follows:
<msnger-servernorplyg2qxviqm_jau0000@icould-services.com>
Notice how this email address has nothing even remotely resembling something from PayPal? @icould-services.com? Really? I suspect whoever created this fake email address was trying to make it say that it is from icloud services. The problem with that is it’s strictly from Apple and so again, this would have nothing to do with PayPal.
Your first line of defense should always be to check the email address. I would just get in the habit of even checking emails that are legitimate and that you are expecting. Doing this each time will make you well versed in knowing what’s a legitimate email address and which ones are not.
With that in mind, I do want to warn you that scammers and people wanting to get ahold of your personal information and finances are getting more sophisticated and advanced and it’s just a matter of time before phishing and legitimate emails are so identical that it becomes nearly impossible to tell them apart. There is still an option if you’re ever unsure about an email and I’ll talk about that in a little bit.
Grammatical and Spelling Errors
These days, a phishing email will tend to have a decent amount of grammatical and spelling errors and that should also raise some red flags. This particular email surprisingly does not suffer from a lot of spelling errors, but if you look closely, there are some that can be spotted.
There’s one particular sentence in the body of the email that sends out major red flags to me. Let’s take a look at that sentence. “If it wasn’t made by you clickhere to cancel theorder via paypal“. The part of the sentence that says “clickhere” is actually a link which will more than likely take you to a fake website designed to look as close to the actual PayPal website as possible.
As you can tell, clickhere should be two separate words so that’s a big red flag when the clickable link itself is misspelled. The second part of the sentence has a similar type of misspelling with the words “theorder”. It’s not another link, thankfully, but that still should be concerning if it’s supposed to be legitimately from PayPal. That leads us to the third and final error in this sentence which is PayPal itself. Both Ps in it are supposed to be capitalized, but as you can see with it being the last word in that sentence, it is clearly not capitalized.
If you also take a look at the email header, you’ll notice that it says “payment has been received security manager“. What does that mean? Who’s the security manager and why would it say that? That just raises questions and should make you skeptical of the email itself.
Checking for grammatical and spelling errors should be your next line of defense. Some fraudulent emails will have more than others, but a majority of them will still have them one way or another. As I mentioned a little bit earlier, scammers are getting better at creating deceptive emails so the amount of spelling and grammatical errors will definitely decrease in the years ahead.
Always Be Vigilant
There’s so many ways that scammers and criminals are trying to take advantage of us that it is difficult to want to do anything online or even on our smartphones these days. What I talked about above are ways you can avoid becoming a victim.
Now that you know what to look for in a PayPal email scam and you’re still unsure about an email you’ve received after checking for all of those things, you can forward the email to the actual company itself in most cases. I have done this before with PayPal and I’ve always received a response from them which has given me peace of mind that I’ve either avoided a scam or that the email was a real one from them.
If you go to PayPal’s actual website, you can scroll down to the bottom where they have a small site map and then you can click on a section called security. You’ll want to scroll down a little bit until you see what’s called Responsive Support. They tell you that they are there to help and if you suspect anything, you can forward those emails to spoof@paypal.com.
I still have a few more phishing emails to take a look at it in the future so you’ll want to check back again soon for those particular updates. There are Facebook email scams and Amazon ones as well and I’ll go over each and every one of them and show you want to look for just as I did with the fake PayPal email.
January 26, 2020 @ 5:32 am
This is a great callup on attention here and left to me, I see this as a good thing. After all, I can finally seat back and phish out all these scammy mails out. This is strictly a thumbs up from me. Thank you.
in all honesty, I’d love to share this out on my social media accounts too because it is worthwhile. Thanks
January 26, 2020 @ 12:46 pm
I’m glad to hear that you plan on sharing this because the more people that are aware, the less likely they’ll become a victim to these types of emails. Glad you found my article very
January 26, 2020 @ 5:38 am
Hello there, thank you for sharing this finance saving post. I have always noticed that these hackers are full of grammatical errors, but this one is even better considering the fact that it has a lot spacing. One thing I usually check out for before entering my sensitive credentials into a website is the URL of the website, this is very important as many websites can be created to look exactly as the one we want to login. A lot of sense to be gotten from this post. Thanks for sharing.
Regards!
January 26, 2020 @ 12:49 pm
Hi there! I’m glad that you are able to use your own ways to check to see if an email is fraudulent or not. You’re exactly right in that a phishing website will not have the correct URL to the real company’s home
January 26, 2020 @ 5:38 am
Hello there,I must say this I have never experienced something like this before and I know I don’t want to ….this is a very vital information as we all know the rate of internet scams has increased dramatically over the years and this is one of those tricky ways they use to extort people’s hard earned money….thanks alot for this very vital info I would be on the watch out and I would make sure I share this article for all to see and be aware
January 26, 2020 @ 12:50 pm
Glad to hear you’ve never been a victim of these kinds of scams. You must always remain vigilant as scammers are constantly coming up with all kinds of ways to get your vital information and money away from you.
January 26, 2020 @ 6:00 am
As someone who has had a fair bit of involvement in defensive cyber activity in the last few years I always like to see this kind of post which is highlighting the awareness, knowledge and education of the population at large.
All too often we take the attitude that its going to happen to the other person not to me or not to us. Thats stuff you read about happening to other people I don’t need to worry about it.
Its great that you have done this by sharing your own experiences which might make people think a bit more seriously about the fact that this is an everyday issue affecting all of us.
Thanks
Hamish
January 26, 2020 @ 12:52 pm
You’re exactly right! So many people have the, it can’t happen to me mindset, but then they aren’t careful and BAM, they become the next victim. I want as many people as possible to see that you don’t have to become the next victim and there are ways to prevent that from happening.