PayPal Phishing Emails are Getting More Sophisticated
I’m back with another look at phishing emails. I want to take a look at how PayPal phishing emails are getting more sophisticated and that may be true for phishing emails in general. This is in regard to a particular phishing email I received not too long ago.
If you’ve read some of my previous posts regarding phishing emails, such as the one regarding an Apple phishing email, you’ll have read some of the specifics of how to spot it being a fake email and not become a victim of these type of scams. I will also talk about those again here because I want everyone to have the information needed to not fall victim to one of these types of emails.
What Briefly Made Me Think It Really Was From PayPal
Believe it or not, I really thought that this particular email was a legitimate one for a short time. Even when I read the title of the email, which started to raise my suspicion, I thought it could still be a real email from PayPal. Now I know I’ve talked about things to look for when it comes to phishing emails, but with this one, it was just a little bit different because the scammers used something that PayPal uses as well for their real emails.
What is this thing I’m talking about? It has to do when you first see an email, in particular, who the email says it is from, which is to the left of the email header or title. In this particular case, it said “service@paypal.com“. Now PayPal actually uses that to indicate a transaction that would have taken place on your actual account. In fact, I’ve included a picture below that shows a legitimate email from PayPal regarding a transaction I conducted from Subway and uses the “service@paypal.com” indicator.
So you can now probably imagine how I felt when I saw that particular indicator of where the email is from, initially causing me to think it was a real email. As I said earlier, even with the title of the email starting to raise my concerns about the email, I still felt it could be legitimate.
Of course, when I finally clicked on the email, I honed in on something that immediately made me realize that this was indeed a phishing email and not from PayPal at all. The thing is though, some of the things that I’ve talked about that should raise red flags about the legitimacy of the email, weren’t really there, but there is one tried and true method that definitely will give you the biggest red flag of whether it’s a real email from the company or not.
Why the Email Header Raised My Suspicions
The big reason that the email header started getting me concerned is because the title just looked odd, something that just didn’t seem typical of PayPal and more typical of phishing emails, especially PayPal phishing emails. There were brackets in the header and weird numbers and letters that were supposedly case numbers.
It also said that there was a PayPal ID number which I have never seen from my actual account. Now that should’ve been enough to make me decide that this was a scam email, but again, the indicator of who it is from (service@paypal.com), still made me think that it could really be from PayPal.
This should definitely be cause for concern for people who are worried about being scammed online. Scammers are definitely getting better at deceiving people with emails and this particular one is a perfect example of it. The fact that it even briefly had me fooled might surprise some, but it also shows how determined scammers are at getting access to your accounts and personal information.
Don’t worry though, I did not fall for their scam and my one tried and true method for determining whether an email is real or not is what ultimately stopped me from moving any further and I’m going over that next.
Always Pay Attention to The Email Address
When I clicked to open the email, I immediately went to see the email address that this email was sent from. In the past, I mentioned what most companies use as their real email address versus an email address that comes from scammers. PayPal will always send an email from an address that has PayPal in the address and it will usually be a short email address.
Scammers will use email addresses that will not have the company name listed in the address at all and it will generally be very long with a weird series of numbers and letters. This will always be your biggest red flag so it really should be the first thing you seek out when determining if the email is a phishing one or not. This particular method has never failed me yet.
“lyheo9-jnhbhgyt34.rigayunah42@1643-politikus53.lyheo90.kjnbhg34hga.cefalpa.com“
As you can see above, that email address just looks plain awful and does not look like it would be from PayPal or any other company at all. All of the phishing emails I’ve received, whether it says it’s from Apple, PayPal, Facebook, Amazon, and Netflix, usually have email addresses similar to the one I’ve shown above.
I did once get a question from someone about if you could actually send a reply to that email or not. Your email provider will more than likely let you respond, but you may not get a response from anyone as it seems scammers like to try and mass produce fake email addresses and are more concerned with people clicking the links in the actual emails and begin their fraudulent activities against innocent people.
My Other Red Flags Did Not Really Show Themselves
Some of the other red flags I’ve talked about in the past are spelling and grammatical errors that tend to be present in these type of emails. Well, I have to say that they weren’t really present in this one which shows the scammers are improving. Take a look at the body of the email:
“Your PayPal account is temporarily limited
Why is your account limited?
We noticed some unusual activity in your account and we want to make sure no one has logged into your account without your permission.
Date and time : 4/9/2020 9:52:15 AM
IP Address : 104.208.241.197
Platform : iOS
To ensure that your account remains secure, we need you to take action on your account.
We’ve also temporarily limited certain features in your PayPal account.
Currently, you won’t be able to:
- Receive money
- Send money
- Withdraw money
What should you do?
Log in to your PayPal account and perform the required tasks.”
As you can see, there really aren’t any unusual spelling or grammar errors that would raise red flags for this email. That’s definitely very concerning because it just make things harder to determine a scam email from a real one. Not to worry though, you know what the biggest red flag is which should tip you off.
Never Click the Links in the Email
Let’s say you might have some concerns, but feel it is legitimate and you are truly worried that your real PayPal account did get locked or limited for whatever reason. DO NOT EVER click the links inside these particular emails and instead open up a separate browser and type in the actual website address of the company.
This links will lead to fake websites that are made to look like the real PayPal site or whatever company they are trying to convince you that it’s from. When you start to type in your login credentials through the link you clicked on in the email, the scammers will more than likely be able to capture your login credentials and then login into your actual account and start doing fraudulent activity.
If you are just completely unsure of the legitimacy of an email that may or may not be from PayPal, you can actually forward the email to this address: spoof@PayPal.com
The email in question will be sent to PayPal themselves and they will likely respond to you telling you that the email is a phishing email (or might actually be one from PayPal). They might ask you questions such as if you have clicked any of the links in the particular email and if so, have you logged into your account at the fake website the link took you to.
PayPal may want to take immediate action on your account if you did try to login under the fake website because they want to limit any fraud that might happen on your account or prevent anymore from happening. Now that you know that PayPal emails are getting more sophisticated and how I was still able to spot that this was a phishing email, you can avoid becoming a victim.
I will certainly post more of these articles soon as I want as many people as possible to be informed and not fall victim to these type of scams. Unfortunately, these type of scams are rapidly on the rise, especially with the pandemic going on. There are LOTS of scams popping up regarding the Covid-19 virus and the scammers are playing into peoples fears. It’s so sad that people are trying to take advantage of others during this difficult time, but always remain vigilant and if something doesn’t feel right to you, trust your gut and don’t go forward with it! Better to be safe than sorry. Have any of you seen an increase in phishing attempts in your email inbox? If so, post your comments below.
April 11, 2020 @ 9:47 pm
It’s always hard to believe that anyone falls for these scams, but like you I have even almost fallen for some of the more sophisticated ones. I have received the same PayPal Scam as well as the Apple one. I have also noticed that the scammers are using a spell checker or something to do a better job in getting our money.
Great job covering all the ways to avoid falling for these scams. Especially letting people know that if you receive an email from any company don’t follow the links in the email just go directly to their website yourself.
With the Coronavirus stuff going on I have definitely seen an uptick in the number of scam emails I’ve received. Anyone trying to scam people during this time should receive double the penalty in my opinion. Saw a story of a guy trying to pass a Coronavirus cure yesterday. Made me sick to my stomach that someone might fall for that stuff.
Great job on your site,
Rob
April 11, 2020 @ 10:53 pm
I certainly agree with you in that the penalty should doubled for scammers that are caught. So many Coronavirus scams are happening and it saddens me that people are falling for them. I will continue to release these type of articles so that people can be informed on how to avoid scams like these. Glad you enjoyed my article.
April 11, 2020 @ 9:49 pm
A couple of years ago, i had a Ukrainian hacker who accessed my account and too like $400 dollars. Got me mad angry.
I couldn’t believe it man and i felt bamboozaled. I see emails now of these paypal phishers who wanna steal information but i don’t reply to them. And in a post Covid 19 world, you have more of these bastards ready to take away what they can from you.. Thanks for writing this article.
April 11, 2020 @ 10:54 pm
Glad this was helpful for you. Sorry to hear you were the victim of hacker. So many people become victims to them and scams like the email ones. We always have to remain vigilant.
April 11, 2020 @ 9:59 pm
After reading your blog, I immediately went to my email to see the latest PayPal email that I’d received. I checked it, looking at the address and to see if there were any weird numbers or whatever. It looks legit but I’m going to take on board what you said. From now on when I get an email from PayPal to tell me I’ve been paid, I’ll just open a new browser and login separately. For the sake of it taking a few extra seconds, it’s worth it, right? I really appreciate this reminder as I get monthly emails from PayPal.
April 11, 2020 @ 10:55 pm
I’m glad this has been helpful for you! It never hurts to open a separate browser and go directly to the website itself if you’re ever in question of the legitimacy of an email. Precautions are a must these
April 14, 2020 @ 7:48 am
I have been a very target of the evil people for a very long time and i swear it has not be easy as i have sent a lot of phishing email to spoof by paypal….i have a lot of person who have fallen into he hands of this hackers and lost a lot of there hard earned money…for me,i think we should all disregard all emails even the ones for paypal it self.
April 14, 2020 @ 12:01 pm
We just have to be vigilant and know what to look for in emails, it’s not necessary to rid all emails. Sorry to hear that you’ve have friends be taken advantage of. That’s why I make these articles, to let people know what to look for in phishing emails and be able to tell real emails vs fake ones.