Don’t Fall Victim to PayPal Phishing Scams

PayPal has warned of recent phishing emails being sent to unsuspecting PayPal users. The emails look real, but describe a strange transaction that was probably never made. Here is an official statement from the PayPal.com website about this particular type of scam:

“You may receive a fake email that claims to be from PayPal. Sending fake emails is called “phishing” because the sender is “fishing” for your personal information.

The email may ask you to:

  • Visit a fake or “spoof” website and enter personal information.
  • Call a fake Customer Service number.
  • Click an attachment that installs malicious software on your computer.

If you suspect an email is fake, don’t open it. Don’t reply to the email, click any links, or download any attachments. If you have clicked a link or opened an attachment from a suspicious email, report the phishing email or spoof site as soon as possible so we can help protect you and other PayPal members. Please forward any suspicious emails to spoof@paypal.com. Then, delete the suspect email.”

Here is an example of the email that comes into your inbox.
[Image: PayPal scam email]

You can see the email looks pretty real. It would show the Paypal logos and everything if I had allowed it to download the images, but DON’T LET IT DOWNLOAD THE IMAGES IF YOU CAN HELP IT. This could trigger a notice to the scammer that you indeed opened the email, your email address is a real working address, and they now may try to send more scamming attempts to your email address. It is best to not give the scammer any more information than they already have.

Most people would immediately be concerned that their PayPal account may have been hacked, since they would have no recollection of sending a payment as the email describes. This could lead the unsuspecting user to click on a link in the email that does not take them to PayPal.com but instead to an imposter website made to look like PayPal.com, which asks the user to enter their account login information. OR the user may hit reply to probe for more information. DO NOT CLICK ON ANY LINKS OR IMAGES IN THE EMAIL AND DO NOT REPLY TO THE EMAIL or you may fall right into the scammer’s trap.
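To make the link and image risks above concrete, here is an added example (not part of the original post) that inspects an email's HTML body without rendering it. It lists links whose real destination is not paypal.com and the remote hosts that would be contacted if images were loaded. The HTML body and the `.example` hostnames are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed HTML body (not taken from the email shown in this post).
BODY = """
<p>You sent a payment. <a href="http://account-check.example/signin">
https://www.paypal.com/myaccount</a></p>
<a href="https://www.paypal.com/help">Help</a>
<img src="http://track.account-check.example/open.gif?id=constructed-id" width="1" height="1">
"""

class BodyAudit(HTMLParser):
    def __init__(self, expected):
        super().__init__()
        self.expected = expected
        self.bad_links = []      # (real host, text the reader sees)
        self.remote_images = []  # hosts notified if images are loaded
        self._href = None
        self._text = []

    def _trusted(self, host):
        return host == self.expected or host.endswith("." + self.expected)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and (a.get("src") or "").startswith(("http://", "https://")):
            self.remote_images.append((urlsplit(a["src"]).hostname or "").lower())

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = (urlsplit(self._href).hostname or "").lower()
            if not self._trusted(host):
                self.bad_links.append((host, "".join(self._text).strip()))
            self._href = None

def audit_body(html, expected="paypal.com"):
    """Return (links leading off the expected domain, remote image hosts)."""
    parser = BodyAudit(expected)
    parser.feed(html)
    return parser.bad_links, parser.remote_images

if __name__ == "__main__":
    print(audit_body(BODY))
```

The first link shows a paypal.com address to the reader while its `href` points elsewhere, which is why the visible text of a link is no guide to where it leads.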

[Image: PayPal email scam header]

How can you tell this email is a scam? Look at the email headers. Digging into the header reveals this email’s ugly secret: the return path and the originating email server both point to a .ru (Russian) domain, and the message came from a “rogue” email script running on that server. This should be more than adequate proof that this email is a hoax, and that it should immediately be deleted and/or reported to PayPal.com by forwarding the suspicious message to “spoof@paypal.com”. The server from which the message originated has more than likely been compromised, and the owner of the server probably has no idea that the server is attempting to phish for PayPal account information.
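The header check described above can be automated. The following is an added example, not part of the original post: it parses a raw message and reports when the From, Return-Path or Reply-To domain, or the first recorded mail hop, does not belong to the expected sender. The sample message is constructed, and placeholder `.example` hosts stand in for the .ru servers seen in the real email.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host and address is a placeholder.
RAW = """\
Return-Path: <bounce@mailer.hosting.example>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example; Mon, 01 Jan 2024 10:00:05 +0000
Received: from web7.hosting.example (web7.hosting.example [203.0.113.45])
\tby mx.recipient.example; Mon, 01 Jan 2024 10:00:03 +0000
From: "PayPal" <service@paypal.com>
Reply-To: help@hosting.example
Subject: Receipt for your payment

Body
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def same_org(domain, expected):
    return domain == expected or domain.endswith("." + expected)

def check_headers(raw, expected="paypal.com"):
    """Return a list of header mismatches for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    # The display From is trivially forged; compare it with the other headers.
    for name in ("From", "Return-Path", "Reply-To"):
        dom = domain_of(msg.get(name))
        if dom and not same_org(dom, expected):
            findings.append(f"{name} domain is {dom}, not {expected}")
    # Each relay prepends its Received header, so the last one is the earliest
    # hop. Only lines written by your own mail server are fully trustworthy.
    received = msg.get_all("Received") or []
    if received:
        m = re.match(r"\s*from\s+(\S+)", received[-1])
        origin = m.group(1).lower() if m else ""
        if origin and not same_org(origin, expected):
            findings.append(f"first hop is {origin}, not {expected}")
    return findings

if __name__ == "__main__":
    for finding in check_headers(RAW):
        print(finding)
```

A mismatch is a strong signal rather than absolute proof, since legitimate senders sometimes relay mail through third-party services.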

What to do if you clicked on a link or put your PayPal account information into the hoax website

  • First, immediately log in to your PayPal account and change your password. Notify PayPal that you think your account may have been compromised so that they can take the necessary precautions to protect you and your identity.
  • Second, you will probably want to have your computer scanned for any malware that could have been installed as a result of visiting the phishing website. Bring your computer to South City Computer for computer repair service to be scanned for viruses, trojans and other malware that could infect your computer.
  • Third, if you notice any PayPal account transactions that were not from your use of PayPal, notify PayPal immediately, and if the crime against you was serious enough, contact your local law enforcement to inform them of the computer crime against you. It may be possible for law enforcement to entrap the scammer and prevent them from scamming others in the future.

This advice was also given on the PayPal.com website:

“How to protect yourself from fake emails

When you aren’t sure if you can trust an email claiming to be from PayPal, here are 2 guidelines that can help you to spot the real from the fake:

  • PayPal emails will always use your first and last name, or your business’s name.
  • PayPal emails will never ask for your personal or account information such as credit or debit card numbers, bank account details, driver’s license number, email addresses, or passwords.

Never click a link in an email that requests personal information.

Any time you receive an email about your PayPal account, the safest and easiest thing to do is to open a new browser, enter https://www.paypal.com, and log in to your account. You can also send us an email by clicking on the “Contact Us” link at the bottom of every PayPal webpage.”

The Internet is like the “Wild West” of the modern world. Nobody likes to be cheated, robbed, or to fall victim to a phishing scam. Be alert to what you are doing, suspicious at all times, and overly cautious. Remember, if it looks fake (or too real), but doesn’t seem quite right, it probably is fake.
