Simple geeky way to recognize scam/fraud emails with 90% accuracy.

randoMAcce55
Contributor

Well, scam emails are a nuisance. Most people don't put in the effort required to make a convincing fraud email (to me at least), and I am not even talking about the 'Dear Sir/Madam' scenario.

But the sad truth is, some of us have fallen or will fall into those traps; curiosity and panic being the devils.

Firstly, if they've sent you an email to Gmail (I am talking about the Gmail web and mobile clients and not 3rd party handlers like Thunderbird), they probably have your IP (they generally attach an image which loads automatically).
That's not really alarming, coz well - an IP is useless in itself. Though if the IP is received by a skilled hacker, they can try to remotely attack your system using terminal, and loading ratty applications on yer PC. So even opening a fraud email is dangerous :0

Try to use Thunderbird. If you don't trust it, then don't trust Google, since Mozilla is a reputed company and most of their software is open-sourced (unlike Google's Chrome, which is based on Chromium but ain't it).

Know how to read message headers:-

Message headers are the additional data which are sent from one server to another to help the message reach its destination. They contain information about the sender, the receiver, the time at which the email was generated etc. You can read the 'original message' in Google to view the source.

This is an example header from PayPal:-

Received: from mx2.slc.paypal.com (mx0.slc.paypal.com. [173.0.84.225])
        by mx.google.com with ESMTPS id f2-v6si1243314ita.2.2018.08.16.10.53.58
        for _____
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 16 Aug 2018 10:53:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of service<at_the_rate>intl.paypal.com designates 173.0.84.225 as permitted sender) client-ip=173.0.84.225;
Authentication-Results: mx.google.com;
       dkim=pass header.i=<at_the_rate>intl.paypal.com header.s=pp-dkim1 header.b=BEANA0YU;
       spf=pass (google.com: domain of <removed> designates 173.0.84.225 as permitted sender) smtp.mailfrom=,<removed>;

Know what's SMTP:-

Simple Mail Transfer Protocol ain't simple by any means. All you need to know is that that is the correct place from where the message came. Here the SMTP is mx0.slc.paypal.com

Fake emails generally have SMTPs like 23.plusultra.kaneki.net or some other bull like that. If the hacker's a pro, he might try sending from something like 11.paypal.servys.com. But then again, that's fake.

See the 'Reply-to' option in the email. The reply-to will generally be to an email registered to 123.com/rumail/mail.com/...... all but not to the same email address from which the email was apparently received (considering that the email address looks something like xxx<at_the_rate>paypal.com).

Finally, PayPal only posts links to paypal.com. However, a quick edit like this can fool you pretty easily -

<removed>

I hope you enjoyed the above website. Pretty cool xD, but in all earnestness, stop and take a moment to hover your mouse over the link, see where the link leads to and then click. If it's to anything not ending with paypal.com, don't click it.

Finally, if you are using Thunderbird, block remote content from being loaded. This prevents your IP from being shared as well.

Enjoy safe payments, and try not to get scammed. Good luck!!


randoMAcce55
Contributor

Ehh, my link was removed.. Anyway, the point is the text may appear as a URL while it's actually hyperlinked to a malicious website.
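
The three checks from this thread (the relay name in the topmost Received header, Reply-To versus From, and where a link really points), as an added Python example that is not part of the original posts and not PayPal's code. The sample messages, the 203.0.113.7 address, the example.net host and all function names are constructed for illustration, and comparing Reply-To to From by domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "paypal.com"  # the domain the post checks against

def in_domain(host, domain=TRUSTED):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def addr_domain(msg, header):
    """Domain part of the address in a header, or '' if absent."""
    return parseaddr(msg.get(header, ""))[1].rpartition("@")[2].lower()

def check_message(raw):
    """Return the names of the checks that fired (empty list = none)."""
    msg, findings = message_from_string(raw), []
    # Topmost Received is written by the receiving server; the name in
    # parentheses is the one it recorded for the connecting host.
    m = re.match(r"from\s+\S+\s+\((\S+?)\.?\s+\[", msg.get("Received", ""))
    if not (m and in_domain(m.group(1))):
        findings.append("relay")
    reply = addr_domain(msg, "Reply-To")
    if reply and reply != addr_domain(msg, "From"):
        findings.append("reply-to")
    # Judge each link by its href, never by the text shown to the reader.
    for href in re.findall(r'<a\s[^>]*href="([^"]*)"', msg.get_payload(), re.I):
        if not in_domain(urlparse(href).hostname):
            findings.append("link")
    return findings

# Constructed sample messages, not real mail.
GENUINE = """\
Received: from mx2.slc.paypal.com (mx0.slc.paypal.com. [173.0.84.225])
        by mx.google.com with ESMTPS; Thu, 16 Aug 2018 10:53:58 -0700 (PDT)
From: service@intl.paypal.com

<a href="https://www.paypal.com/signin">https://www.paypal.com/signin</a>
"""
FAKE = """\
Received: from mail.paypal.com (11.paypal.servys.com. [203.0.113.7])
        by mx.google.com with ESMTPS; Thu, 16 Aug 2018 10:53:58 -0700 (PDT)
From: service@paypal.com
Reply-To: support@mail.com

<a href="https://paypal.com.example.net/login">https://www.paypal.com/signin</a>
"""
```

check_message(GENUINE) returns an empty list, while check_message(FAKE) reports all three checks even though its link text and announced sender name both read as paypal.com.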
