Congratulations, UD colleagues. You’re starting to catch more and more phishing scams without help from IT or your departmental IT professional!

Today we’ve had multiple reports about this fake PayPal notice:

The latest fake PayPal phishing scam.

PayPal is NOT going to send a notice like this to a visible mailing list. Do you know how to recognize this scam?

Just like some of the other scams we’ve seen lately, this one looks good at first, but in about 5 seconds you should be able to tell it’s a scam:

  1. The large payment amount is supposed to send you into a panic so you just click one of the links in the message to investigate.
  2. The message is sent to multiple email addresses. And you can see those addresses. Some of the phishing scam boiler rooms have been sending out a lot of phishing spam with this trait. PayPal, American Express, Banks, credit card companies, merchants, and other legitimate entities will never reveal customer email addresses to other customers.
  3. The links in the message do not go to a valid PayPal site. If you see a message like this one, hover your mouse over a link before you click. See where it goes.

    You’re always safest to not click links in a message like this one. If you want to check to see if this is a valid notification, it’s much safer to log into your PayPal account using the standard URL you know and trust.

See a message like this one? Just delete it.