Take a look at this message and see if you can tell if it came from PayPal or not?
- Fig 1. Fake Email from PayPal.
This email is NOT from PayPal. It’s from a spammer, who wants you to go to your browser and open the “AccountValidation.html” page that he or she has attached.
Why should you immediately be suspicious of this email?
- Be suspicious if the “From” address is not paypal.com.
- Also, be suspicious if they don’t use your real name. If they say “Dear Valued Member” instead of addressing it to your first and last name, it is very likely to be fraud.
- Unfortunately, the opposite is not true. Spammers have ways of getting both your real name and your email address. For instance, sometimes they hack into an unrelated system, that has less security than PayPal, that also stores your name and email address. So just because they use your real name, does not mean you should automatically trust them.
- Always be suspicious of downloading attachments. PayPal, your bank and your other accounts are never going to send you an attachment to download and run.
What should you do when you get an email like this?
If you get an email about your Paypal account and you think there might be a real issue with your account then:
- Do not download any attachments. The attachments may contain a virus or a redirect to a fraudulent site. Or they may contain a fake account verification page, as this email does.
- Avoid clicking on any links in the email, as the links may take you to a fraudulent site.
- Instead, go to your browser and type in the url: www.paypal.com
- If you do have a legitimate issue, Paypal will inform you when you login.
- Never reply to an email with your username, password or credit card number. Legitimate sites will never ask you for your password or credit card number via email.
More details about how to avoid PayPal scams can be found on the PayPal site. Click on “Security and Protection” and hit the “Explore Topics” button. https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=security/phishing
What will happen if you open AccountValidation.html in your browser?
You should avoid opening attachments that you suspect are from spammers, as they may contain viruses which can infect your computer.
In this particular case, the AccountValidation.html page is a phishing page. Phishing is when a spammer pretends to be a legitimate institution such as PayPal, in order to trick you into giving away your personal information.
If you were to open this page in your browser, then in this case you would see the page below.
- Fig 2. Fake Account Validation Page
The page is asking for all your personal information including your credit card number. Remember, this “AccountValidation.html” page is not from PayPal. The spammer wants it to look like it is from PayPal, so that you’ll be tricked into giving away your personal information. It even pulls many of the images on the page from PayPal servers.
However it was sent by a spammer. If you were to fill in the information and push the “Save Profile”, then the page would send all the data that you entered to an IP address of a computer in the Ukraine.
What do legitimate emails from PayPal look like?
Below is another example of a PayPal email. This one is legitimate (with the name and email address changed to protect the real recipient). Sometimes it’s challenging to tell that a legitimate email is actually legitimate. But when you’re in doubt, you can always type the url www.paypal.com into your browser, and login directly. When you login to www.paypal.com, PayPal will let you know when there is something you need to deal with.
- Fig 3. A Real Email from PayPal