You know, I rarely get these things because my e-mail filters out almost all spam that I receive. However, since I started using G-Mail as my e-mail service for this blog, I have noticed that a few of my e-mails have been sent to the Spam folder that shouldn’t have gone there. So, I always check my Spam folder just to be sure. In fact, I have been using PayPal a lot recently, and a couple of the PayPal e-mails went to my Spam folder when the should have gone into my inbox. No big deal, I just moved them over into my inbox and I was done with it. The good news is, G-Mail “learns” your settings, so if you click “not spam” or “spam” a few times, it will automatically place the e-mail accordingly.
Well, today I had two PayPal e-mails in my Spam folder, one was legit, and the other was not. The legitimate e-mail was for a payment received, the phishing e-mail was a “Receipt for Your Payment” that I never made. That is what they are counting on. They want you to contest the payment by scrolling down within the e-mail where there is a link titled “Dispute Transaction.” Next to it are the words “Encrypted Link.”
I don’t know for sure, but my guess is the link takes you to a site that looks like PayPal, but has a different URL. There the log-in is designed to harvest your information, probably by giving you an error screen and a message to try back later. By then, your log-in information is long gone and they will sign into your PayPal account with your information and send the contents of your account to their designated bank. Gone. All of it.
At first glance, the e-mail looked legitimate based on the layout, color scheme/pictures, transaction numbers, dollar value, and links. However, upon closer inspection of the details and language of the e-mail, I decided I needed to investigate further. Instead of clicking on any of the links within the e-mail, I logged on to my PayPal account in a separate window. There was no pending transaction for my account. This confirmed my suspicions.
Don’t fall for this scam. If you ever have any doubts, don’t click on any links within the e-mail. Open the website in question in a different window and investigate on your own. That is the safest way to handle it… And you can never be too safe!
{ 6 comments… read them below or add one }
Two things to do to reduce your chance of being phished:
1. Never click on email links – if it’s a site you use normally, type it in yourself
2. Never give personal information when someone call you. For instance, if a CC company want some information, I will call back using the number listed on the credit card.
Good info Pinyo. Thanks!
I believe that PayPal always puts your full name in the body of the email specifically so you can better tell that it is a legitimate email and not random spam/phishing.
Good point, Grant. Thanks!
Ohh boy could I get into this subject big time. My email account was hit and I fell for a scammer (actually caught him). What is unfathomable for me is he was conversing with me using another company’s email account and representated himself as the company representative. In essence, fraud! Yet when I reported to all the respective enforcement parties, service providers, police, attorney general, etc. it is overlooked:-}??? Yeah I learned the hard way, don’t trust the little blue link!
There are no boundaries for some individuals and they come in SUITS
Hi, just want to pass this on, as I don’t own a web site to do so. About two days ago, I got an email in my gmail from “PayPal” as follows:
Hello David Rxxxxx,
As part of our security measures, we regularly screen activity in the PayPal system. During a recent screening, we noticed an issue regarding your account.
We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.
Case ID Number: PP-830-528-499
For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause…..etc.,…..
Anyhow, after changing password and security questions…what I failed to notice was the lack of the PayPal ‘logo’ ….which is usually included in all real PayPal emails, of which you can click on to take you directly to the site. Just want others to know…look for the PayPal logo on the email. If you click it and you go to site, it’s the real thing…if there is no logo or maybe one that will not work when clicked on ….it’s a scam! Now, I’m awaiting a letter to arrive in the USPS mail to confirm my location, regarding my true identity of the PayPal account in question. I plan to send it back full of fake info!
Thanks, Dave