This Convincing Email From PayPal Is Actually a Scam
Did you know that you can customize Google to filter out unwanted results? Follow these steps to improve your search results, including adding Lifehacker as your preferred source for tech news .
Fraudsters are once again posing as PayPal and attempting to trick users into giving them access to their accounts and funds. The latest mailing tells recipients about a new (fake) transaction and payment profile, and urges them to create an account.
I have personally fallen victim to this scam, which has a number of compelling elements and several red flags.
PayPal Account Profile Scam
At first glance, this email does look like it’s from PayPal: the sender address is service[at]paypal[dot]com, the legitimate PayPal domain is used, and the “From” field is paypal.com . However, scammers can spoof the email address in the “From” field to make it look legitimate when it’s not. The look and feel of the email is fairly similar to other PayPal emails, including the company’s branding and footer. Hovering over the links, including the “Customize Your Profile” call-to-action button, appears to lead to the real PayPal website.
But after that, there was little else to worry about. The message wasn’t addressed to me — instead of my name and email address, it was sent to [at]truestate.org with the greeting “Hello, receipt34532.” As Malwarebytes Labs notes , scammers create mailing lists to send out mass phishing emails, so the messages aren’t addressed to specific recipients. Also note that legitimate companies, including PayPal, will address you by your real name, not a screen name or standard greeting.
The rest of the message doesn’t make sense and doesn’t match the action you’re being asked to take. It also uses common scam tactics, such as urgency (the link must be valid for 24 hours) and attention-grabbing details (a large sum of money and a vague mention of cryptocurrency). The phone number has also been reported to the Better Business Bureau as a PayPal scam.
Obviously you shouldn’t do this, but if you did, you would likely be prompted to add an additional user to your PayPal account, which would give them access to make payments using your information.
How to Keep Your PayPal Account Secure
At this point, it’s hard to trust any messages about account security or financial transactions. Fraudsters are becoming increasingly adept at faking or impersonating real people and organizations, often using artificial intelligence, so don’t trust an email ( or phone call ) just because the sender looks real.
You should continue to be wary of messages that sound urgent or evoke strong emotions. Instead of responding to these emails, texts, social media messages, and calls, delete them and go directly to the website or app and log in to your account to view all relevant alerts, or contact the company using the information provided on official communication channels.
You can also search the phone number or email address on the BBB fraud tracker to see if anyone has reported a scam. If possible, enable multi-factor authentication for your accounts as an extra layer of security.