It’s time to take a look at another common phishing email! If you’ve been following my series, you’ll have read about the ones I’ve talked about regarding Netflix and Apple. In my last article, I talked specifically about an Apple ID Email Scam and how I avoided becoming a victim of it. You can read more about that here if you haven’t already.
I took a look at such things as the email address it came from, the email header itself, spelling and grammatical errors and also the fact that the email failed to address me by my name which is one of the biggest red flags out there. If it were a legitimate email they would address me by my first name since I have an account with them.
Today, we’re going to take a look at a common PayPal email scam. This one tends to be a little bit more worrisome for the simple fact that PayPal deals with money and finances, primarily the transfer of money, so extra care needs to be taken when trying to figure out if an email from PayPal is legitimate or not. Let’s go ahead and take a closer look.
Fake Order From eBay
In this particular email that is supposedly from PayPal, it has payment information from an order of a product from eBay. Upon looking through it, it says that I sent a payment of $41.00 to a seller off of eBay. The crazy thing is, there is no name of the seller in this email and the supposed shipping address is somewhere in Oakland, California and I certainly don’t live there.
This is a major scare tactic by scammers trying to make you think someone hacked into your PayPal account and made an unauthorized purchase from eBay with your PayPal account information. They want you to be so worried about this that you’ll click one of the few links they provide so that you can log into PayPal’s website with your login credentials. The problem is that the website is NOT PayPal at all and is designed to capture your login information so that they can use it to get into your actual PayPal account and do some damage, more than likely some financial damage which could also lead to identity theft.
You never ever want to click on links from an email like this. If you truly want to log in to your PayPal account to make sure everything is ok, do so by opening another web browser and typing in the actual website address of PayPal and then log in. I’ve done it that way numerous times to make sure everything really is ok with my account and avoid giving away my login details to unauthorized people/scammers.
Again, this type of fraudulent email is designed to cause you so much panic and concern that all you can think about is a purchase you know you didn’t make and are supposedly being charged for (which you aren’t), and you won’t notice that anything else is wrong. I want to take a look at some other things in this email that should throw up immediate red flags.
Checking the email address of an email that you suspect might not be from the company it claims should be the very first thing you do. As I’ve mentioned in some of my other phishing email articles, an email from a legitimate company that you have an account with should have @paypal, @netflix, @apple in the email address. The email address from this particular email is as follows:
Notice how this email address has nothing even remotely resembling something from PayPal? @icould-services.com? Really? I suspect whoever created this fake email address was trying to make it say that it is from icloud services. The problem with that is iCloud is strictly an Apple service, and so again, this would have nothing to do with PayPal.
Your first line of defense should always be to check the email address. I would just get in the habit of even checking emails that are legitimate and that you are expecting. Doing this each time will make you well versed in knowing what’s a legitimate email address and which ones are not.
With that in mind, I do want to warn you that scammers and people wanting to get ahold of your personal information and finances are getting more sophisticated and advanced and it’s just a matter of time before phishing and legitimate emails are so identical that it becomes nearly impossible to tell them apart. There is still an option if you’re ever unsure about an email and I’ll talk about that in a little bit.
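The sender-address check described above can be automated. The following is an added example, not part of the original article: it flags a message that uses the PayPal name but whose From domain or link hosts are not paypal.com or a subdomain of it, which is stricter than looking for "paypal" somewhere in the address. The names `review` and `belongs_to`, the trusted-domain table, the `service` local part and the link URLs are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: paypal.com is the only domain treated as genuinely PayPal's.
TRUSTED = {"paypal": "paypal.com"}

# Constructed samples: only the sender domain, the header text and the body
# sentence come from the article; local parts and link URLs are made up.
SAMPLE_PHISH = '''From: "PayPal" <service@icould-services.com>
Subject: payment has been received security manager

If it wasn't made by you <a href="http://paypal.example.net/login">clickhere</a> to cancel theorder via paypal
'''
SAMPLE_LEGIT = '''From: "PayPal" <service@paypal.com>
Subject: Receipt for your payment

<a href="https://www.paypal.com/myaccount">View your account</a>
'''

def belongs_to(host, trusted):
    """True only for the trusted domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def review(raw):
    """Return the red flags found in one raw, single-part email message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    body = msg.get_payload()
    text = " ".join([display, msg.get("Subject", ""), body]).lower()
    flags = []
    for brand, trusted in TRUSTED.items():
        if brand not in text:
            continue  # the message never uses this brand's name
        if not belongs_to(sender_domain, trusted):
            flags.append(f"claims {brand} but sent from {sender_domain or 'unknown'}")
        for url in re.findall(r'href="([^"]+)"', body):
            host = urlparse(url).hostname or ""
            if not belongs_to(host, trusted):
                flags.append(f"link points to {host or 'unknown'}, not {trusted}")
    return flags

if __name__ == "__main__":
    for flag in review(SAMPLE_PHISH):
        print(flag)
```

A From address that passes this check can still be forged, so a clean result is not proof that the email is real; the receiving mail server's SPF, DKIM and DMARC results cover that case.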
Grammatical and Spelling Errors
These days, a phishing email will tend to have a decent amount of grammatical and spelling errors and that should also raise some red flags. This particular email surprisingly does not suffer from a lot of spelling errors, but if you look closely, there are some that can be spotted.
There’s one particular sentence in the body of the email that sends out major red flags to me. Let’s take a look at that sentence. “If it wasn’t made by you clickhere to cancel theorder via paypal“. The part of the sentence that says “clickhere” is actually a link which will more than likely take you to a fake website designed to look as close to the actual PayPal website as possible.
As you can tell, clickhere should be two separate words so that’s a big red flag when the clickable link itself is misspelled. The second part of the sentence has a similar type of misspelling with the words “theorder”. It’s not another link, thankfully, but that still should be concerning if it’s supposed to be legitimately from PayPal. That leads us to the third and final error in this sentence which is PayPal itself. Both Ps in it are supposed to be capitalized, but as you can see with it being the last word in that sentence, it is clearly not capitalized.
If you also take a look at the email header, you’ll notice that it says “payment has been received security manager“. What does that mean? Who’s the security manager and why would it say that? That just raises questions and should make you skeptical of the email itself.
Checking for grammatical and spelling errors should be your next line of defense. Some fraudulent emails will have more than others, but a majority of them will still have them one way or another. As I mentioned a little bit earlier, scammers are getting better at creating deceptive emails so the amount of spelling and grammatical errors will definitely decrease in the years ahead.
Always Be Vigilant
There are so many ways that scammers and criminals are trying to take advantage of us that it is difficult to want to do anything online or even on our smartphones these days. What I talked about above are ways you can avoid becoming a victim.
Now that you know what to look for in a PayPal email scam, if you’re still unsure about an email you’ve received after checking for all of those things, you can forward the email to the actual company itself in most cases. I have done this before with PayPal and I’ve always received a response from them which has given me peace of mind that I’ve either avoided a scam or that the email was a real one from them.
If you go to PayPal’s actual website, you can scroll down to the bottom where they have a small site map and then you can click on a section called security. You’ll want to scroll down a little bit until you see what’s called Responsive Support. They tell you that they are there to help and if you suspect anything, you can forward those emails to firstname.lastname@example.org.
I still have a few more phishing emails to take a look at in the future so you’ll want to check back again soon for those particular updates. There are Facebook email scams and Amazon ones as well and I’ll go over each and every one of them and show you what to look for just as I did with the fake PayPal email.