** Spoof / Phishing Emails - Tips on how to identify & stay protected **

PayPal_Siobhán
Moderator
Moderator

Due to the increase in Phishing /Spoof Emails being reported to PayPal I thought I would post a few tips on this topic that might help.

 

You’ll know that an email is not from PayPal when:

 

  • The email uses a generic greeting like ‘Dear user’ or ‘Hello, PayPal member.’ We'll always address you by your first and last name.
  • The email requests financial and other personal information. A real email from us will never ask for your bank account number, debit or credit card number etc. Also we'll never ask for your full name, your account password, or the answers to your PayPal security questions in an email.
  • The email asks you to provide the tracking number of a dispatched item, before you've received the payment into your PayPal account
  • The email includes a software update to install on your computer.

 

Here are some security tips to help you stay protected online:

 

  • Even if a URL contains the word 'PayPal', it may not be a PayPal webpage.
  • When using PayPal, always ensure that the URL address listed at the top of the browser displays as https://www.paypal.com. The 's' in ‘https’ means the website is secure.
  • Look for the 'lock' symbol that appears in the address bar. This symbol indicates that the site you are visiting is secure.

 

If you think you’ve received a phishing email, forward it to spoof@paypal.co.uk and then delete the fake email from your mailbox.

 

Hope this helps,

 

Siobhán 

Login to Me Too
137 REPLIES 137

DuncanEdward
Member
Member

Good point well made

Login to Me Too

Kanrabat
Member
Member


I just got this little gem:
 "
 
Important Notice.
 
‎[removed](content censored by Paypal because they already know these... hum... gentlemen)
 
5:32 PM
 
 
 
 
 
 
  Confirm your account with PayPaI

Dear Member,

You account has been temporarily Iimited if you want unlock it

please check it from here

 

Unlock your account

 

  • Receive cross-border payments from the many countries that PayPal serves.
  • Withdraw your payments to the bank account you selected.
  • Become verified and remove your spending limit.

Yours sincerely,
PayPaI

Copyright © 2016 PayPaI Inc. All rights reserved.

 

 

 

 

"

 

 

 

 

 

 

 

 

Anyone dumb enough to fall for this?Smiley Very Happy

Login to Me Too

jonnie45
Member
Member

Hi

 

As an ex software developer with a keen interest in security I am rarely tempted by bogus emails.

 

I did however note a scarily good email which included my paypal email address, my full name, it only asked me to click

on a link to view new legal conditions on my account so it did not ask for sensitive information,

 

It even had the cheek to include a section "how do I know this is not a spoof" and repeated the advice of given by the paypal employee above - ie we will use your proper name rather than "Dear Pay Pal User". Clearly the scammers are reading this forum ( after all they can get a paypal account just like you or me ) and they are taking on board the information given here.

 

As an IT guy I knew just to scroll my mouse over the links to see in my browser what domain they led to and decided against trusting a domain which starts. I also inspected the source code of the email.

 

epi.paypal-communications.com

 

It seems to me that PayPal need to make an official statement as to what domain names it will include in any legit email.

 

For instance you could say....

 

Our emails will always refer you back to a subpage of our domain, all website addresses will begin

 

www.paypal.com/

 

We will never use a subdomain  ie

 

www.epl.paypal.com

 

We will never use domains such as

 

paypal-communications.com


Etc etc.

 

I would re-itterate this email did not ask me to supply information it simply wanted me to click on a link to read something.

This would have doubtless confirmed to the scammers that they had hit a genuine paypal account holder and that their

follow up scams might work.

 

I dont feel you have gone far enough here Siobhan and I think my relatives who are not IT professionals could have been

duped. I am myself still unsure whether its genuine or a very good scam but I will not be following those links.

 

To quote Siobhan: : "When using PayPal, always ensure that the URL address listed at the top of the browser displays as https://www.paypal.com. The 's' in ‘https’ means the website is secure."

 

My Reaction: By time the person has folowed the link in order  to see whether or not they see the security HTTPS it means that they have already gone TOO FAR because they have just told the scammer that they indeed do have a PAYPAL account and that the name and email was correct for the account. I will gladly construct a webpage to show you how I could use website domain registration information, guess that might be the same email address that the person uses for their paypal account, send them an email with a click on this link and encode their email into the URL so when they click on the link my code will log the event telling me that in all probability this person who's name I know from the website registration is actually a paypal account holder and they are using the same email address for their paypal account. Its not enough to hack because I do not know their password but its a **bleep** good start.

 

Most email readers will show what page youo will be transported to IF you choose to click on the link ( the text is not reliable as the displayed address does not have to be the same as the address you will be transported to ). The time for checking is before people click..

 

I would like to see a clear statement from paypal about what domains you use in emails for links.

 

Hopefully you would never use a domain like

 

www.paypal-communications.com

 

If this is correct then say so - tell us what domains you would ever use in an email.

 

Its no good telling people about the full name stuff - I own a website and its registered to me, any fool can get my full name if they know my website - just go to www.whois.com.

 

As a 20 year IT veteran it troubles me to see such naivety from Paypal staff.

 

The only real secure way to deal with this is to never provide any kind of link in an email always communicate by insisting that the user logs into www.paypal.com we should then be asked to read all messages there. I have never clicked on any links in emails from paypal other than during my initial account opening ( just the confirm email ) I always tap www.paypal.com letter by letter into my browser - unless you tell me when I log in of any legal or other news I need to know then you will not be able to successfully communicate with me.

 

The most you should ever send in an email is a message saying please log in to your paypal account ( but not with a link)

to read updated legal terms or whatever it is you want to say, the advice should say

 

Your should say "Do not click on any links in this email we always ask you to navigate yourself to www.paypal.com"

 

If you must include links in emails then always from the domain www.paypal.com

 

Please get this straight and then as a corporation make the required statement to all users about what links and domains may or may not be included in emails from you.

 

I dearly hope that www.paypal-communications is not a domain name that you genuinely own or that you woudl ever include in any email sent to users.


I repeat again its too late by the time the person has gone to a website page because if it is bogus they have just told the scammer that they got the details correct. Just think of unsubscribe emails - they encode your email address and details in the URL - its so easy to tell who it is who just clicked on the link if you gave it to them.


I repeat it is easy to get a long list of genuine emails and names, just focus on people who own websites.

 

Please get security experts in to deal with information and policy and then make a definitive statement about paypals

domains - tell us which domains you will use in email links so we can make an informed decision before we even click.

 

Sorry but I am not impressed, I feel that paypal knows that the solution is to state publically


We will never include any links in any of our emails - always navigate to www.paypal.com yourself either by typing (safest) or browser bookmarks ( not as safe - but then again if someone has hacked your bookmarks they have probably hacked your browser).

 

 

But I am cynical that the reasons for not asking users to do this are to do with not wanting to lose customers who are too impatient to type www.paypal.com

 

Interested to hear your reactions....

 

 

 

 

 

Login to Me Too

jonnie45
Member
Member

Same subject different angle.

 

I am amazed that when I go to vendors websites and go through the usual to and fro between paypal pages and the vendors pages that nothing of the following kind happens..

 

 

1. Automatic logout

2. A message to say "you are still logged in".

 

I always visit www.paypal.com after a transation on a third party website and log myself out - some people might be surprised

to find that as a  result on a third party website they remain logged in to paypal, then perhaps if they are in a public place they go get a coffee.

 

 

 

Login to Me Too

graham01
New Community Member

Hello,

 

I have received 2 strange email's from this email address [removed] I found another similar topic that says this is a genuine paypal address but it doesn't make any sense.

 

The email address I received these email's is on another email account of mine that is not signed up to paypal. 

 

The 2 email's I received are titled 'Your account has been limited until we hear from you' and the other 'Welcome to PayPal'. The latter is asking me to click a confirm email button. What is more strange is they are addressing a 'lee tom' which isn't even my name, and I do not believe it is possible for someone to accidentally mistype my email because it is a student address constructed from my course initials, year I started, my own initials, and the name of the university itself.

 

Can someone please inform me of what I should do please?

 

Regards,

Graham

Login to Me Too

Lip43
Contributor
Contributor

Hi, I received a email in my spam folder stating it has come from PayPal saying my Account Access has been Limited.  Although when I log on to my PayPal Account there isn't a message on the account overview stating this.  Additionally I am suspicious of this email as it is addressed Dear Valued PayPal Member and on reading information listed from PayPal  you state that you address an email to the customers first and last name.  I also have noticed that when I go to log into my account there is a message highlighted in a box just above the log in suggesting that I have recently changed my password - I did change it on 16/09/2010, but not recently, and am able to log on using that password.  Should I be forwarding this email and one other I received recently to spoof@paypal.  I have taken a copy of this email sent for your suggestions.  Many thanks

 

Dear valued PayPal member,

PayPal is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience. 

Why is my account access limited?

Your account access has been limited for the following reason(s): 

January 22, 2011: We would like to ensure that your account was not accessed by an unauthorized third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection. 
Case ID Number: PP-072-658-482

You must click the link below and enter your password for email on the following page to review your account.

http://www.paypal.co.uk

Please visit the Resolution Center and complete the "Steps to Remove Limitations." 



Thank you for using PayPal!,

PayPal Account Review Department

PayPal Email ID PP522



Copyright © 1999-2010 PayPal. All rights reserved. PayPal is authorized and regulated by the Financial Services Authority as an electronic money institution. PayPal FSA Register Number: 226056.


 

Login to Me Too

minx79
New Community Member

I hope you did not click on any links etc and do what it asked.

 

I have just had a similar email although it did go into my junk folder. My first thought was that it shouldn't have gone there as I have had loads of trouble recently with account getting restricted. But then I thought about it and went directly to paypal from google, and my account is not restricted. So its definitely spam! 

 

Copy of text I received below.

 

"Dear Customer,


We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.


Requiring PIN Signatures is the latest security measure against: identity theft, credit card fraud and unauthorized account access. PayPal will verify it with your bank records for your own protection. If you provide a wrong PIN your account will be suspended or limited for unauthorized account access.

(Your case ID for this reason is PP-192-084-509.)



 

Thank you,

Customers Support Service
© Copyright 2011, Paypal, Inc. All Rights Reserved."

 

 

Login to Me Too

Lip43
Contributor
Contributor

Hi, thanks for your reply and reassuring me, I thought it was a spoof email and  luckily I didn't click on any links as I did what you did - went straght into my PayPal account to double check and didn't see any restrictions, but then doubted myself.. I too have had emails that shouldn't of gone into my spam folder so give it a scan through from time to time. I've had other spam emails in the past from a variety of "banks" I'm not  with but this is the first one i've had to do with my PayPal account (had for some time but not used it) and its only since I started using it in December to pay for things brought through ebay that I have received one, so thought I'd better check it out with the forum. 

 

Many thanks for clarifying it for me.

Login to Me Too

LASHA
New Community Member

Hi Everyone, I need to get some information about  this spam email.
I didn't pay attention that and i went through link and did put all my information , bank details, address and etc.
is it going to affect me and my bank account?

when i noticed that it was spam and i did put all my information.  i closed my PayPal account straight away!
 
Please help me !!! 

Login to Me Too

damzel
New Community Member

H..I've just received this same email..it looks very authentic and as others will have experienced,  Pay Pal is diligent is checking and verifying our accounts..and I was completely taken in. Fortunately as I was about to send my information the back-up security I have with Santander (RAPPORT) kicked in and warned me off!!!!  I feel absolutely sick at what I so nearly and innocently did..  I should have been warned when it addressed me just as 'Hello'..I think PP should send out warning to it's users just to refresh us into being aware. Cheers..

Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.