PayPal is a popular payment service used successfully by many people particularly when making purchases through eBay. However, because it is so popular with the public, it is also popular with scammers who will fashion PayPal related phishing emails that appear to come from PayPal and attempt to either lure you into clicking on links that will result in malware being downloaded on to your computer or phone or lure you into providing personal information that can be used to make you a victim of identity theft. I have described many of these phishing emails as they have been uncovered in the last few years and the PayPal phishing email about which I am writing today is one of the most persuasive and legitimate appearing phishing emails that I have ever seen. The graphics appear legitimate, the grammar is proper and the email even refers to you by name. It is important to remember, however, that it is very simple for a scammer to counterfeit logos of companies to make their phishing emails appear to be legitimate. What makes this email even more persuasive is that the email address from which it was sent has the words “PayPal” in it. Most people would be unaware that legitimate emails from PayPal will always come from PayPal.com so an email that comes from mail.PayPal.com will appear legitimate while it is not. Often phishing emails are sent by botnets of computers that have been hacked for the purpose of sending out phishing emails and covering their tracks. Thus an email that purports to come from your bank will be sent by an individual person who has no idea that his or her computer and email has been hacked, however you can determine that the email is a scam quite easily if the email address does not appear legitimate because it comes from an individual person rather than the company which it purports to be.
This particular phishing email asks you to click on links to confirm your information. This is a common ploy in many phishing emails.
TIPS
The primary question we all face when we receive such an email asking for personal information or urging us to click on a link is how do we know whether to trust the email or not. The answer is, as I always say, trust me, you can’t trust anyone. Regardless of how legitimate such emails appear, you should not provide any personal information or click on any links until you have independently verified that the request for personal information or instructing you to click on a link is legitimate. In the case of PayPal, if you have a question about your account, you can contact PayPal online at https://www.paypal.com/re/selfhelp/home
If you do receive a PayPal phishing email, you should forward it to PayPal at spoof@paypal.com
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”