I’ve talked a lot about Phishing Scams especially ones I receive about PayPal. You’ve been shown what those kinds of emails look like and what you can do to avoid becoming a victim of them. You might be wondering if there is a way to simplify what to look for in an email phishing scam. This might bring up the question, what are two ways to protect yourself from phishing scams?
That’s a very good question and I will share what those two ways are as well as show you three email phishing scams I’ve recently received, all claiming that they are from PayPal. I’ve been receiving quite a few phishing scams in my email inbox lately with an overwhelming majority of them claiming to be from PayPal and not so much from Amazon, Netflix, or Apple. Let’s take a look now at the emails I’ve received as well as what those two ways of protecting yourself are so that you never become a victim.
Two Ways To Protect Yourself From Phishing Scams
Believe it or not, I’ve talked quite a bit of what those two ways are. If you’ve read my past articles, such as this one, you’ll know what I’m talking about. Any guesses? Well here they are! The first and also the best way, is to ALWAYS check the email address that the email actually came from.
A legitimate email from an actual company will always have the name of the company in its actual email address. Any email that claims its from whatever company, but does not contain its name in the email address is generally a scam especially if its a long email address, which I’ve given examples of.
That will always be your first line of defense as well as the best because anything else after that will be either icing on the cake, or the scammers have gotten sophisticated enough that you’re unsure if the email itself is truly a scam or not. That’s why you’ll always want to check the email address first before anything else.
The second way to protect yourself from phishing scams is to look at what the email itself says. In a lot of cases, phishing emails will have grammatical and spelling errors which should raise a red flag. Some of the PayPal Phishing emails I’ve received in the past said something along the lines of “temporary limited” which in the overall sentence, didn’t make sense. “Because of these actions, we’ve given your account a temporary limited”. What the heck is a temporary limited?! When things don’t make sense, that should let you know that something is not right.
I’ve received 3 phishing emails within the last 3 weeks, all claiming to be from PayPal. 2 of them I received in the same day. I want to take a closer look at these to give you an example of what to look for.
Phishing Email 1
Before I go into the body of the email, I want to show you what the email address that it came from, looks like.
As you can see, it doesn’t have anything remotely looking like it actually came from PayPal. It’s a long email address with what seems to be random letters and then I have no idea what shanitamara.com is. Like I said earlier, this is the first thing you want to check if you suspect an email is fraudulent.
Now let’s take a look at the email body itself. You will notice the second thing I’ve mentioned to look out for so that you can protect yourself from these scams.
Your Account hasbeen limited !
Your Account information has been changed. [ Billing or Shipping Address ] As our security precautions, we need more informations from you. Your account will be limited until you provide some additional information.
Please login into your Account and review your activity by clicking link below:
Your action is required to help us to protect you PayPaI account securely.“
Look at the grammatical and spelling errors in this email. “Your Account hasbeen limited !”. The second line is already littered with mistakes. Why capitalize account if its not at the beginning of the sentence? Then you’ll notice that has and been are all one word and not separated. Next up you’ll see the use an exclamation point, but they put a space in between it and the sentence.
Going further into the email, you’ll notice that they capitalize Account yet again and then they begin the next sentence with brackets and have Billing or Shipping Address inside the brackets. There’s no explanation as to what this is for and then they capitalize As and go on further to say they need more informations from you which is yet is another spelling error.
In the line above the link, they once again capitalize Account and then they want you to click the link below to supposedly review your account activity. While the link may look genuine, I guarantee you its not. It may look like an authentic PayPal link because of the name PayPal in it as well as login at the end of the url, but I guarantee you that its phishing site designed to look similar to PayPal’s website, but will instead steal your log in information or your identity.
That’s why its imperative that you never click on a link from an email you’re not entirely sure about. You don’t want to give these scammers exactly what they’re looking for. Now let’s take a look at the second phishing email that I received.
Phishing Email 2
Your PayPal account has been limited because we have noticed significant changes in your account activity.As your payment processor, we need to understand these changes better.
Please log in to your PayPal account and provide the requested information through the Resolution Center. If we don’t receive the information your account may be further limited.“
Now there aren’t as many spelling and grammatical errors in this particular email when compared to the one above, however, there are some that can be spotted.
There isn’t a space from the end of the first sentence and the beginning of the next one. There’s also one other thing that I wanted to point out. Notice how the email starts: “Dear firstname.lastname@example.org“. Um, if I have a legitimate account with PayPal, wouldn’t they actually address me by my first name and NOT my email address?
Let’s take a closer look at the email address it came from:
Just like the first email I showed above, this email address does not have PayPal in it at all and it just some long, almost seemingly random email address. PayPal would NEVER send an email from an address like this and it would be pretty short if this were a legitimate email from them.
It’s time to take a look at the final phishing email that I received and see how similar it is to the ones that I had just shown. Once again, the two things to protect yourself from these type of emails, apply here.
Phishing Email 3
Suspicious Activity on Your Account
Your Account information has been changed. [ Billing or Shipping Address ] As our security precautions, we need more informations from you. Your account Has been limited until you provide some additional information.
Please login into your Account and review your activity by clicking link below:
Your action is required to help us to protect you PayPaI account securely.”
As you can see, they once again addressed my by my email address and not my first name. Next, you can see some spelling and grammatical errors which are very similar to the first email that I had shown.
There’s no reason to capitalize Account, Billing or Shipping Address is once again in brackets and we don’t know why, informations is misspelled and makes no sense because of the spelling error, and they capitalized Account towards the end. Oh yes, I don’t want to forget the email address that this beauty came from:
What I find really interesting about this particular email address is that not only is PayPal not in it, the email address has covid in it which is really unusual considering what’s going on in the world at the moment. This is definitely not a legitimate email from PayPal.
You no longer have to ask what are the two ways to protect yourself from phishing scams because I gave you great examples of the type of phishing emails that I and other people tend to get and the two biggest red flags that will protect you from phishing scams.
The email address these scams come from will always be your number one way to protect yourself from being a victim of this type of scam. I always look at that first before anything else and that will always tip me off of whether an email is legitimate or not. A true email from PayPal or any other company will usually have the name of the company in the email address.
The second way to protect yourself is to always check for spelling and grammatical errors like I was able to show in those emails above. Most phishing emails will have some of these type of errors which should give you a red flag. Now I will say that some scammers these days are getting better with spelling and other common grammatical errors and so at times its getting harder to find any in a phishing email. That’s why it’s important to check the email address it is sent from before anything else.
Have you ever been a victim of email phishing scams? Are there any other things that raise red flags for you when it comes to phishing emails? Feel free to post your comments below.