New to the community? Welcome! Please read our Community Rules and Guidelines
Join the live Q&A with our Community moderator team Wednesdays, 1-2pm PT (4-5pm ET) and Fridays, 4-5pm GMT. Learn more in Community Events
Due to the increase in Phishing /Spoof Emails being reported to PayPal I thought I would post a few tips on this topic that might help.
You’ll know that an email is not from PayPal when:
Here are some security tips to help you stay protected online:
If you think you’ve received a phishing email, forward it to email@example.com and then delete the fake email from your mailbox.
Hope this helps,
This email has the 's' and the loclksymbol but I have no made a payment via paypal to anyone from this company and its worrying that they have got my email address.
I have sent it on to spoof emails at paypal.
I cant delete the part of the message as you state above as that would mean openning it!
I've just tried forwarding the spam e-mails to spoof@ from within my gmail account, and it keeps crashing the system page, they obviously have some kind of a block in place. So I'm going to try printing them as pdf files and attaching them that way - maybe they can still be checked. Any ideas welcomed :-)
Indicators on a recent phishing email I have received are
1) "P.A.Y.P.A.L." as part of message header
2) Reply address is "paypal.co.us"
3) Email address it was sent to started "flyer@" followed by a general email address that is not recorded with Paypal!
4) Misspelling in this case "We are detected ....."
5) A form attached to download and fill in ... as if!
It's all very well you asking customers to send e-mails to firstname.lastname@example.org. This doesn't help customers fears as the more I seem to use Paypal the more spoof e-mails I seem to recieve. I want to know what is being done with these e-mails is there actually anything being done at all as I seem to be getting a spoof e-mail every month.
I don't keep getting spoof e-mails for my online banking only paypal.
a very annoyed paypal customer.
In recent weeks this seems to be getting worse been building up being tols my account wil be closed if not updated then when i have logged in being told my details are not the same as you have on the system, i have no problems with my bank on line so why should i have problems with paypal if all security methods are in place, what makes things worse is these **bleep** automated replies from spoof well one reply out of 3 mails forwarded and no replies from customer service, is there not any human beings employed at paypal, am sick of being sent round in circles am so annoyed that if i dont get a personal reply by the weekend i'm closing the account because to be honest this just isn't worth the grief and i have not been given any confidence or reasurance that my account is ok and not been tampered with......................David.
You account has been temporarily Iimited if you want unlock it
please check it from here
Unlock your account
Copyright © 2016 PayPaI Inc. All rights reserved.
Anyone dumb enough to fall for this?
As an ex software developer with a keen interest in security I am rarely tempted by bogus emails.
I did however note a scarily good email which included my paypal email address, my full name, it only asked me to click
on a link to view new legal conditions on my account so it did not ask for sensitive information,
It even had the cheek to include a section "how do I know this is not a spoof" and repeated the advice of given by the paypal employee above - ie we will use your proper name rather than "Dear Pay Pal User". Clearly the scammers are reading this forum ( after all they can get a paypal account just like you or me ) and they are taking on board the information given here.
As an IT guy I knew just to scroll my mouse over the links to see in my browser what domain they led to and decided against trusting a domain which starts. I also inspected the source code of the email.
It seems to me that PayPal need to make an official statement as to what domain names it will include in any legit email.
For instance you could say....
Our emails will always refer you back to a subpage of our domain, all website addresses will begin
We will never use a subdomain ie
We will never use domains such as
I would re-itterate this email did not ask me to supply information it simply wanted me to click on a link to read something.
This would have doubtless confirmed to the scammers that they had hit a genuine paypal account holder and that their
follow up scams might work.
I dont feel you have gone far enough here Siobhan and I think my relatives who are not IT professionals could have been
duped. I am myself still unsure whether its genuine or a very good scam but I will not be following those links.
To quote Siobhan: : "When using PayPal, always ensure that the URL address listed at the top of the browser displays as https://www.paypal.com. The 's' in ‘https’ means the website is secure."
My Reaction: By time the person has folowed the link in order to see whether or not they see the security HTTPS it means that they have already gone TOO FAR because they have just told the scammer that they indeed do have a PAYPAL account and that the name and email was correct for the account. I will gladly construct a webpage to show you how I could use website domain registration information, guess that might be the same email address that the person uses for their paypal account, send them an email with a click on this link and encode their email into the URL so when they click on the link my code will log the event telling me that in all probability this person who's name I know from the website registration is actually a paypal account holder and they are using the same email address for their paypal account. Its not enough to hack because I do not know their password but its a **bleep** good start.
Most email readers will show what page youo will be transported to IF you choose to click on the link ( the text is not reliable as the displayed address does not have to be the same as the address you will be transported to ). The time for checking is before people click..
I would like to see a clear statement from paypal about what domains you use in emails for links.
Hopefully you would never use a domain like
If this is correct then say so - tell us what domains you would ever use in an email.
Its no good telling people about the full name stuff - I own a website and its registered to me, any fool can get my full name if they know my website - just go to www.whois.com.
As a 20 year IT veteran it troubles me to see such naivety from Paypal staff.
The only real secure way to deal with this is to never provide any kind of link in an email always communicate by insisting that the user logs into www.paypal.com we should then be asked to read all messages there. I have never clicked on any links in emails from paypal other than during my initial account opening ( just the confirm email ) I always tap www.paypal.com letter by letter into my browser - unless you tell me when I log in of any legal or other news I need to know then you will not be able to successfully communicate with me.
The most you should ever send in an email is a message saying please log in to your paypal account ( but not with a link)
to read updated legal terms or whatever it is you want to say, the advice should say
Your should say "Do not click on any links in this email we always ask you to navigate yourself to www.paypal.com"
If you must include links in emails then always from the domain www.paypal.com
Please get this straight and then as a corporation make the required statement to all users about what links and domains may or may not be included in emails from you.
I dearly hope that www.paypal-communications is not a domain name that you genuinely own or that you woudl ever include in any email sent to users.
I repeat again its too late by the time the person has gone to a website page because if it is bogus they have just told the scammer that they got the details correct. Just think of unsubscribe emails - they encode your email address and details in the URL - its so easy to tell who it is who just clicked on the link if you gave it to them.
I repeat it is easy to get a long list of genuine emails and names, just focus on people who own websites.
Please get security experts in to deal with information and policy and then make a definitive statement about paypals
domains - tell us which domains you will use in email links so we can make an informed decision before we even click.
Sorry but I am not impressed, I feel that paypal knows that the solution is to state publically
We will never include any links in any of our emails - always navigate to www.paypal.com yourself either by typing (safest) or browser bookmarks ( not as safe - but then again if someone has hacked your bookmarks they have probably hacked your browser).
But I am cynical that the reasons for not asking users to do this are to do with not wanting to lose customers who are too impatient to type www.paypal.com
Interested to hear your reactions....