I’m writing this short post to potentially save at least 1 person a lot of pain. This is a reminder to everyone to remain vigilant when clicking links in emails that appear to be from reputable websites/companies such as PayPal, banks etc.
Many of these emails are designed to make you worried there is a security risk. For example, the subject “Your PayPal account was opened from another device”. This headline is a trick to create urgency, making you anxious so that you act fast. As a result, you do not pay the sort of attention to the source of the email that you otherwise might, and always should.
The scam email I’ll show you, like many other scam emails, appears to be a phishing (pronounced fishing) email. They get you to click their link and visit their website, which may look very similar to the actual website’s login screen. If you are still unaware that it is a scam, you may put your login details in. At this point, you have basically handed your account over.
So, to help you understand what to look out for, here is the email received yesterday (see screenshot below). It looks like a genuine PayPal email. It isn’t. If you just briefly look at the sender’s address, like I did, you might mistakenly think it is legit, having paypal.com at the end. For a moment I almost did, and I spend more time than most coming across dodgy emails, websites and seeing a whole range of online scams.
Fake PayPal Email
Looking at the From email address more closely, firstly the intl. before paypal.com looked strange, and then the very weird <email@example.com> put me on high alert.
A Fake PayPal Spammer’s Email Address
See, normally Gmail is pretty good and would probably have flagged this as spam and removed it accordingly. In this case, however, I have a filter set up in Gmail to make sure no legitimate PayPal emails get flagged as spam. You can see the yellow message it gave me about why I received it in my Inbox. Therefore, I received this in my Inbox.
While not every scam email like this will hit your Inbox, it pays to keep a close lookout. There are often signals that something is off. Hopefully what I have described above gives you a better indication of what to look out for. You should try not to be flustered by their attention-grabbing security risk subject lines. Really think about whether what they are saying makes sense for your account.
Then you should ALWAYS check the email address of the sender and, if you end up clicking a link in an email to take you to a website, ALWAYS check the website address/URL in the address bar of your browser. That can also be a dead giveaway to a scam website. Accidentally logging into your account via these websites lets the scammers/hackers capture your login information.
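The two checks described above (the real sender address versus the name shown, and the real host in a link) can be expressed in a few lines of code. This is an added example, not part of the original post: the function names, the trusted-domain list and the sample header and URL are all constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains you expect this brand to send from and link to.
TRUSTED = {"paypal.com"}

# Constructed samples modelled on the pattern in the post: a trusted-looking
# name in front, a different address inside the angle brackets.
SAMPLE_FROM = '"service@intl.paypal.com" <notice@account-alerts.example>'
SAMPLE_LINK = "https://paypal.com.account-check.example/signin"

def in_trusted(host, trusted=TRUSTED):
    """True if host is a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def check_sender(from_header, trusted=TRUSTED):
    """Return a list of warnings for a raw From: header value."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    if not addr or not domain:
        return ["no parsable sender address"]
    warnings = []
    if not in_trusted(domain, trusted):
        warnings.append(f"sender domain {domain!r} is not trusted")
        # The display name is free text chosen by the sender, so a trusted
        # domain there proves nothing when the real address is elsewhere.
        if any(d in display.lower() for d in trusted):
            warnings.append("display name imitates a trusted domain")
    return warnings

def check_link(url, trusted=TRUSTED):
    """Return a list of warnings for a link taken from an email."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    warnings = []
    if parts.scheme != "https":
        warnings.append("link is not https")
    # Only the end of the host name counts: paypal.com.something.example
    # belongs to something.example, not to paypal.com.
    if not in_trusted(host, trusted):
        warnings.append(f"link host {host!r} is not trusted")
    return warnings

if __name__ == "__main__":
    print(check_sender(SAMPLE_FROM))
    print(check_link(SAMPLE_LINK))
```

An empty result only means nothing obvious is wrong: the From address itself can be forged, so a clean check here does not prove an email is genuine.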
If you have any questions related to this post on email and website security, or anything else related to doing business online, please make a comment below. Or you could reply to the social media post where you saw this (probably on our Facebook page), or email me at firstname.lastname@example.org.
James Allen – Search Paladin Digital Marketing & SEO