New to the community? Welcome! Please read our Community Rules and Guidelines
Join the live Q&A with our Community moderator team Wednesdays, 1-2pm PT (4-5pm ET) and Fridays, 4-5pm GMT. Learn more in Community Events
I have received the second of what appears to be a series of phishing attempts claiming to be from PayPal reporting a purchase of merchandise worth a few hundred dollars in a foreign country, asking that I click on a link in the e-mail to dispute the charge. I took no such action but instead hied on over to the PayPal site instead to check if any such activity had taken place. (It hadn't, nor was there any evidence that PayPal was even aware of the reported transaction.) On the first such message, I reported to my ISP the e-mail as a phishing attempt and set up an option that I could look at the full e-mail header if I so chose. I then disposed of the e-mail as the trash it was. The second attempt reported a different transaction taking place in a different country. This time I copied and saved the header and much of the e-mail, again reporting it to my ISP as a phishing attempt and checking on whether that or the previous attempted transaction had taken place. Again, PayPal registered no such transaction attempt. I could find no place to report such e-mails to PayPal security.
This raises a few questions:
Were, if anywhere, should I send my header data?
Is there anything else I should be doing to discourage such phishing attempts or alert the powers that be and enable them to stop these attacks?
If I had been fooled by the e-mail's official-looking appearance and clicked on the links, would PayPal be able to respond and mitigate any bad effects of having let down my guard momentarily?
What tipped this off as a fraud was the lack of any mention of contacting PayPal directly instead of clicking on the link. Many if not most legitimate such e-mails suggest this as an alternative if they have any such links in their e-mails at all.
You can report potential fraud to PayPal here.
It's good that you were paying attention. That's really the best thing you can do is continue to stay educated about what types of scams like this there are going on. Basically, just don't ever log in to any of your accounts through links in emails, chats, or anything like that.
Just keep doing what you're doing and you should be fine.