Stay Safe Online

Here’s how to spot and avoid PayPal email phishing scams

PayPal is a great way to receive and send money online, and is one of the most popular methods of online payment across the Internet.

Most of us who frequently use the Internet will have a PayPal account. They’re similar to bank accounts in that we have a balance, and we can receive money into the account or pay money from the account. However, unlike most online bank accounts, access to your PayPal account can be as simple as getting the account password. This means PayPal accounts are a frequent target for scammers.

The most popular scams designed to compromise your PayPal account are phishing scams that arrive in your email inbox. PayPal phishing scams look like they’re from PayPal, and they typically want you to click a link that leads to a spoof PayPal lookalike website. That website asks for your login credentials, which are then sent straight to the crook.

The email sender will appear as PayPal, and the design of the email may look like a legitimate PayPal email with their branding and design. But this doesn’t mean the email has come from PayPal, since a crook can spoof the sender name, fake the return email address and copy the branding and design. In fact, even for those well versed in spotting email scams, a well-crafted PayPal phishing email can – upon a cursory glance – look identical to a real PayPal email.


But there are always red flags.

Such red flags can include any of the following –

1. Pressure for the recipient to click a link or face negative consequences.
2. The email does not address you by your name, since these emails are often sent out to thousands of different recipients. (Legitimate emails have the recipient’s name.)
3. The email will contain spelling or grammar errors.
4. While using a desktop or laptop computer, hovering over a link in the email reveals a web address that does not belong to PayPal.

Let’s quickly look at some examples of PayPal email scams.

This scam shows all four of the above red flags. The email urges the recipient to click a link to continue using their PayPal account. There is no name, opting for a generic “PayPal Customer” greeting. There are grammar errors, including PayPal not being capitalised correctly. And finally – while the image itself does not reveal this – hovering (or clicking) the blue box revealed a website that did not belong to PayPal.

Another example…

Again, the email urges the recipient to click a link or face limitations on their account. The recipient’s name is not mentioned in the email. There are grammar errors (e.g. step should be pluralised) and again, the link doesn’t lead to PayPal.

Finally, one more example…

This is perhaps the most convincing of the examples. But red flags are still present. There is still an impetus for the recipient to click a link since the email details a purchase that the recipient didn’t make, despite the email not explicitly instructing the recipient to click a link. Again the email does not mention the recipient’s name. And the links in the email still lead to a spoof website that doesn’t belong to PayPal. In this case however, the email contains no obvious grammar or spelling mistakes.


Avoiding PayPal email phishing scams

Thankfully, if you’re reading this article, you’re most of the way there when it comes to avoiding these email phishing scams because you know the tell-tale signs. Always remember to look out for these red flags, especially the fourth and most important one: the links in the email won’t go to the actual PayPal website. Instead they will lead to a spoof website designed to look like the real PayPal website.

Additionally, we recommend enabling two-factor authentication, which is an extra layer of security on top of the password. This is good because no matter how a scammer may obtain your PayPal password, they won’t gain access to the account because they won’t have access to the other piece of information needed.

PayPal has a “security token” feature which can be accessed by heading to your settings and clicking account settings. This will allow a text code to be sent to your phone when you try to log in from an unrecognised device.

If in doubt, open your Internet browser and go to PayPal’s website directly. Don’t click on any links to get you there.

Published by
Craig Haley