PayPal is one of the most important accounts you have online. Don’t get me wrong, I’m not a huge PayPal fan, but when it comes to your money, you don’t want to play around. While getting your Facebook account hijacked is a huge annoyance, it’s nothing like getting your money stolen out of your PayPal account. And the Paypal scammers know this too. That’s why PayPal is one of the most targeted accounts for phishing and scams – there’s real money to be had.
Having a strong password for your PayPal account is important, of course, but most PayPal account break-ins don’t happen because your password is not strong enough. You might be surprised to learn that many account breaches happen when users provide their login information voluntarily. Sounds crazy? This is exactly the way PayPal scammers work. While PayPal does offer security in these matters, you are very much better safe than sorry. So be informed on how scammers can target your PayPal account, and be sure you know exactly how to avoid being scammed.
And be sure to read our article on how Android malware can empty your PayPal account:
Fake PayPal Emails
Fake PayPal emails are insanely common and surprisingly original. Every time I think I’ve heard it all, I read about a new variety of these phishing emails. And they just keep getting cleverer and more sophisticated. Fake PayPal emails can claim any of the following:
- Your account has been limited due to an unauthorized transaction.
- You’re entitled to a refund.
- You’ve received a payment.
- You’ve sent a payment.
- You need to verify your account.
- You need to provide information that will help protect you.
- You need to confirm your email address.
- You need to update your account information.
And so on and so forth. These are just the most common examples to the very persuading, worrying and tempting ways Paypal scam artists can get your attention in these fake PayPal emails. But what can these emails do to you? It’s usually one of three things:
- Persuade you to enter your login information on a fake website.
- Persuade you to call a fake customer support number and provide your login information.
- Trick you into opening an attachment which will install malware on your computer.
So we know these emails are common and persuading, and we know they’re pretty dangerous, so how can you still protect yourself?
Recognizing Fake Emails
1. Look at the sender’s address.
When you get an email from PayPal, always check the “From” field to see who sent it. Many times, you’ll find ridiculous yet confusing things like firstname.lastname@example.org, email@example.com, etc. Sometimes it will even be “firstname.lastname@example.org”, but looking carefully will reveal this is just the name of the sender, and the address is quite different.
In some cases, though, the Paypal scam artists are very smart, and the email does seem to come from the right email address for all intents and purposes. But don’t worry, you still have ways to find them out.
2. Look at the email’s greeting.
A genuine PayPal email will always use your full name or business’ name in the opening. If you see something like “Dear PayPal Member”, “Dear PayPal Customer”, “Dear Customer”, “Hello”, “Dear member”, or anything to that effect, ignore it. This is a sure sign you’re dealing with a fake email.
Does the greeting say “Hello <your full name>”? Continue checking the next points to make sure.
3. Are there attachments?
Does the email ask you to “see the enclosed attachment for more details?” Is there anything at all attached to the email? If so, feel free to ignore it. Genuine PayPal emails never include attachments, and will always prompt you to log in to your account to see whatever you need to see.
No attachments? On to the next sign.
4. Are there links? Check them.
If you look at your genuine PayPal emails you’ll find that most of them don’t contain links you need to click at all. This includes notifications of sent payments, money transfers, and others. Some emails, such as notifications about received payments or signing up for preapproved payments will include links. If you do see links, a great way to verify them is to hover over them and see where they actually lead (without clicking!). All genuine links will lead to https://www.paypal.com/***. If you see anything else, including the correct address in a non-secure website (http:// instead of https://), don’t click it, and ignore the email. Most scam emails will include links to fake websites, as this is a great way to steal your login information.
You can also examine the link’s text. Does it say something like “Click here to activate your account”? Or “Confirm my account”? These are most probably fake. But don’t ever rely on text alone, always check where a link leads to in order to make sure.
5. Does the email ask for personal information?
Does the email ask for any personal information such as credit or debit card numbers, bank account details, driver’s license number, email addresses, or passwords? Ignore, ignore, ignore. PayPal will never ask for any personal details in an email.
6. Grammar and spelling
This is a no-brainer, but it’s nonetheless important. Many of these Paypal scam emails are written in bad English and include grammar and spelling mistakes. Naturally, genuine PayPal emails don’t have mistakes, so this is a quick and easy way to tell them apart. Another telltale sign is the use of punctuation marks. “Attention!”, “Your PayPal Account has been limited!”, “Thank you for using your bank account!” “Cancel transaction!”, are all signs of a spoof email.
I Found A Fake Email, What Do I Do?
As I’ve said over and over again throughout this post, the best thing to do with these fake emails is ignore and delete them. If you want to help others avoid similar emails, you can forward the email as is to email@example.com, and then promptly delete it. This will inform PayPal of the scam.
Fake PayPal Websites
Fake PayPal websites are an extension of fake emails, and are usually linked to within these emails. A fake PayPal website can look identical to the real PayPal, but when you try to log in, it will simply steal your username and password. Even if you’ve gone ahead and clicked a link in an email, not all is lost. Unless the website you’ve reached contains malicious scripts, you can still escape the scam.
Even if the website looks exactly like PayPal, stop for a minute and look at the address bar. Do you see this?
There are three things you need to look for:
- Are you actually on a www.paypal.com website?
- If the address is actually www.paypal.com, is it also https?
- Do you see the lock symbol (doesn’t appear in IE9 or lower)?
If all three (or first two, if you’re using IE9 or lower) are present, you should be safe. However, always be sure to check these on the page you’re actually logging into. Some very sophisticated scams have been known to appear on a genuine PayPal server, and then lead you to another page where you’re asked to log in – this one a fake. So even if everything seems in order, make sure to double check before actually entering your login information.
Note: the green verification bar might not appear when you try making payments to third-party websites through PayPal. This does not mean they’re fake. However, you should definitely look for it on any link you follow from a PayPal email.
Avoiding PayPal scams is not hard. To start with, many of these scam emails are already filtered to your spam folder. If for some reason one escapes through, following the tips lined out in this post should keep you safe from any tricks and phishing scams. They’ll also help you spot other online scams such as ghost broking, which involves car insurance fraud.
Scammers try all avenues, even phone calls like those claiming to be with Windows Tech Support, so be cautious.