** Spoof / Phishing Emails - Tips on how to identify & stay protected **

PayPal_Siobhán
Moderator
Moderator

Due to the increase in Phishing /Spoof Emails being reported to PayPal I thought I would post a few tips on this topic that might help.

 

You’ll know that an email is not from PayPal when:

 

  • The email uses a generic greeting like ‘Dear user’ or ‘Hello, PayPal member.’ We'll always address you by your first and last name.
  • The email requests financial and other personal information. A real email from us will never ask for your bank account number, debit or credit card number etc. Also we'll never ask for your full name, your account password, or the answers to your PayPal security questions in an email.
  • The email asks you to provide the tracking number of a dispatched item, before you've received the payment into your PayPal account
  • The email includes a software update to install on your computer.

 

Here are some security tips to help you stay protected online:

 

  • Even if a URL contains the word 'PayPal', it may not be a PayPal webpage.
  • When using PayPal, always ensure that the URL address listed at the top of the browser displays as https://www.paypal.com. The 's' in ‘https’ means the website is secure.
  • Look for the 'lock' symbol that appears in the address bar. This symbol indicates that the site you are visiting is secure.

 

If you think you’ve received a phishing email, forward it to spoof@paypal.co.uk and then delete the fake email from your mailbox.

 

Hope this helps,

 

Siobhán 

Login to Me Too
137 REPLIES 137

noswarp
New Community Member

@PayPal_Rachael wrote:

Hi Reginald_Rat,

 

PayPal will send you an email when your card is about to expire so you can update it. If there is a link it should only link to the PayPal page and ask you to login. You will know that it is a real PayPal page as there will be a lock in the corner of the address bar. 

 

If you have any concerns about this email please forward it to Spoof@PayPal.co.uk and we will confirm for you wether or not it is a genuine email. 

 

I hope this is helpful. 

 

Rachael


Hello PayPal_Rachael
Is your statement about the locked padlock indicating security correct ??
Regards
Paul

 

Login to Me Too

johnant
New Community Member

Hi All,

 

I attempted to log in to my paypal account and on doing so was met with a doalogue box on screen with the paypal logo. It was asking for various information I know paypal would not ask since they have it  or some of it already.

 

My name, address, bank details. national insurance. Post code.  DONT BE FOOLED PAYPAL WILL NOT ASK YOU FOR INFORMATION THEY ALREADY HAVE. THEY DO NOT NEED SOCIAL SECURITY DETAILS.

 

Put in place decent security software and dont be hacked., Do not send infor via emal. Do Not store passwords or other information on you computer which ONLY YOU SHOULD KNOW.

 

Login to Me Too

PayPal_paula
Moderator
Moderator

Hi johant, 

 

Great advice. Thanks for posting this Smiley Happy

 

Kudos to you

Paula 

Login to Me Too

alexcochrane
Contributor
Contributor

hi guys

just received a text from "Paypal UK" with link to a scam. ‎[removed]

 

lext looks so genuine until following the link.

 

 

Login to Me Too

guarana
Member
Member

Don´t let yourself be fooled with links like

 

‎[removed]

 

the first part is named in bad faith,and can be choosen arbitrarily by anyone who ownes the domain at the end.

the longer the domain name, the more suspicious it is.

 

only www.paypal.com is genuine and should be in the end of the link.

 

So before you click a link, move with the mouse over the link, and look for the true domain, which you will find at the end and  which includes the country code.

Login to Me Too

rocqua
New Community Member

That's what I thought, until I received a link towards epl.paypal-communication.com .
After some digging around, that domains is also registered by paypal, but it gave me quite the scare.

Login to Me Too

petter
Contributor
Contributor

I also got this kind of email. "Updated agreement, click to read".

 

No email I've verified come from PayPal, uses this domain, and every single link in the mail contains a long code. It also includes a 0-by-0 pixel image sourcing the site with this code (a typical "read verification" technique often used by spammers to verify that an address exist and is used).

The email uses a PayPal loga sourced from an epsilon.com sub domain.

 

Q: Does paypal control the site paypal-communication.com?

 

If the email is really from paypal, they should use less suspicious/tracking techniques, and definitely let all links go to a paypal.com sub domain (may I suggest the domain name epl.communication.paypal.com? That would make me feel more confident).

 

Login to Me Too

Gillsing
New Community Member

I just got an email from epl.paypal-communication.com as well, and while it does look genuine with my first name and last name, I would never risk using a link that doesn't go to paypal.com or paypal.(country code). Because as far as I know, any phisher could use a domain name that contains the word "paypal" and some extra word that seems reasonable. Even for this site I checked to make sure before logging in.

 

It was also suspicious that PayPal would send me a "You've got money in your PayPal account"-message when it's just the remains from my last purchase, and only went from 0.02 GBP to the equivalence of 0.07 GBP. Sure, that's 'money' all right, but it's not something worth the time I'm taking to write this post. Is PayPal really this desperate to remind me of its existence?

Login to Me Too

NicCymraeg
New Community Member

Can we get a deffinitive answer as to whether

paypal-communication.com

is actually a paypal controlled domain?

 

Also, why send an e-mail form one domain with links to different domains?  This will trigger most spam filters.

 

Nic

 

Login to Me Too

PayPal_Siobhan2
Moderator
Moderator

Hi Guys,

 

Thank you for contacting the Community Forum and welcome to Gillsing as a new member!

 

The paypal-communication.com is not a registered domain for PayPal. We very rarely include links in our emails and would request a customer to log in to their PayPal Account directly through a secure connection (mainly home rather than public wifi) if there was an issue or we needed something updating.

 

If unsure, forward the email to spoof@paypal.com. Our team will take a look and reply with an update.

 

Thanks - Siobhan

Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.