PayPal says I paid WHAT!?!
Don’t fall for it. The immediate reaction may be to click one of the links in the email, but avoid this temptation. Clicking could lead to a page, where you unknowingly type in your PayPal password because you think you are logging into PayPal.
Instead, open a new browser window and manually type the PayPal URL [paypal.com] to ensure you access the real site. After logging into your account, check your transaction history. If something is off, contact PayPal using the methods available on the legitimate PayPal web site. DO NOT use the methods in the phishing email, unless the charge was legitimate.
Though this email looks legitimate, let’s look at some of the obvious indicators that it is a phishing scam:
- All of the links in the email are the same. Therefore, no matter where you click you’ll end up right where the scammers want you to be.
- PayPal’s email address in the “From” section is NOT a PayPal email. Typically, email from PayPal use firstname.lastname@example.org or email@example.com [see image #1]
- A PayPal receipt always includes the recipient’s shipping address. However, in this example, the scammers only included the seller’s shipping address. [see image #2]
- A big warning sign should be the product listed as purchased. If you know you didn’t buy it–or spend that much money on anything using PayPal–or don’t even have a PayPal account, be weary of anything inside of that email.
- PayPal will use your name in the email when addressing you (i.e. “Hello Jane Smith”–not your email address).
- The information in the footer of the email is different from the information PayPal uses in the footer of their transaction receipt emails. [see image #3 for the CORRECT footer info.]