** Spoof / Phishing Emails - Tips on how to identify & stay protected **

PayPal_Siobhán
Moderator
Moderator

Due to the increase in Phishing /Spoof Emails being reported to PayPal I thought I would post a few tips on this topic that might help.

 

You’ll know that an email is not from PayPal when:

 

  • The email uses a generic greeting like ‘Dear user’ or ‘Hello, PayPal member.’ We'll always address you by your first and last name.
  • The email requests financial and other personal information. A real email from us will never ask for your bank account number, debit or credit card number etc. Also we'll never ask for your full name, your account password, or the answers to your PayPal security questions in an email.
  • The email asks you to provide the tracking number of a dispatched item, before you've received the payment into your PayPal account
  • The email includes a software update to install on your computer.

 

Here are some security tips to help you stay protected online:

 

  • Even if a URL contains the word 'PayPal', it may not be a PayPal webpage.
  • When using PayPal, always ensure that the URL address listed at the top of the browser displays as https://www.paypal.com. The 's' in ‘https’ means the website is secure.
  • Look for the 'lock' symbol that appears in the address bar. This symbol indicates that the site you are visiting is secure.

 

If you think you’ve received a phishing email, forward it to spoof@paypal.co.uk and then delete the fake email from your mailbox.

 

Hope this helps,

 

Siobhán 

Login to Me Too
139 REPLIES 139

yjunl00
New Community Member

Mine is like this

 

|#Dear Member,

|#Your 59.38 GBP payment made for the game FarmVille on Facebook Inc. is being processed.

|#Because of our geographic detector recorded this payment as being made from an unknown ip we had to put the payment on hold.

|#If you did not authorize this payment and you want to cancel, please click here:xxx
|#Thank you for your understanding.

 

Post edited to comply with forum guidelines.

 

Login to Me Too

PayPal_Rachael
PayPal Employee
PayPal Employee

Hi All,

 

Here are some tips on how you can tell if an email is from PayPal:
 

You’ll know that an email is not from PayPal when:

  • The email uses a generic greeting like ‘Dear user’ or ‘Hello, PayPal member.’ We'll always address you by your first and last name or the business name on your PayPal account.
  • The email requests financial and other personal information. A real email from us will never ask for your bank account number, debit or credit card number etc. Also we'll never ask for your full name, your account password, or the answers to your PayPal security questions in an email.
  • The email asks you to provide the tracking number of a dispatched item, before you've received the payment into your PayPal account
  • The email includes a software update to install on your computer.

Here are some security tips to help you stay protected online:

  • Even if a URL contains the word 'PayPal', it may not be a PayPal webpage.
  • When using PayPal, always ensure that the URL address listed at the top of the browser displays as https://www.paypal.com/. The 's' in ‘https’ means the website is secure.
  • Look for the 'lock' symbol that appears in the address bar. This symbol indicates that the site you are visiting is secure.

If you think you’ve received a phishing email, forward it to spoof@paypal.co.uk and then delete the fake email from your mailbox. If you‘ve responded to a fraudulent email and believe your PayPal account may now have been accessed, you should report the unauthorised access immediately.

Note:

  • If you provided any personal information in response to a phishing email or on a spoof website, change your PayPal password and security questions immediately.
  • If you provided any financial information, contact your bank and your credit card issuer and tell them about the situation.
  • Review your PayPal account history to check that you recognise all recent payments.

I hope this helps.

Rachael

Login to Me Too

Kay112
Contributor
Contributor

Hi, I've recieved the following email:

 

Saturday , December 17, 2016 #GB758502096
 
 
 
  This email is to confirm that you have sent £51.00 GBP to Brian [removed] using your PayPal account  
 
 
 
  Purpose of Transaction   Ammount  
 
 
  Gift  (Saturday, December 17, 2016)   £51.00  
 
 
  Total   £51.00  
 
 
  On Hold   £51.00  
 
 
  On Hold  

£51.00

 

 

 

When i click on the link to cancel the payment it asks me for all my card details, i havent entered anything and have now changed my password.  I checked the activity on my account and cannot find anything that relates to this. Please help.

 

Kay

Login to Me Too

kernowlass
Esteemed Advisor
Esteemed Advisor

@Kay112

 

Paypal would never tell you to cancel a transaction via a link in an email.

 

They would tell you to log in normally and send you to the resolution centre.

 

Paypal would never tell you to enter sensitive log in or financial info via a link in an email.

 

Read the link below on spoof emails.

 

And if ever in doubt log in to your paypal account normally and if the transaction is not in there then it hasn't happened.

 

https://www.paypal.com/selfhelp/article/FAQ2061/2




Advice is voluntary.
Kudos / Solution appreciated.
Login to Me Too

Kay112
Contributor
Contributor
Thank you so much for your help. Kay
Login to Me Too

BanatiBarna
New Community Member

I just received the following email from this adress:
I guess it is fake, just wanted to make sure. My paypal inbox has no messages...

 

Dear (Barnabás [removed]),


   We are contacting you regarding your Transaction with Lisa [removed]. We are still expecting to receive the necessary Moneygram Information from you, and you are required to send the Moneygram information to us within the next 48HRS or the necessary Legal Action would be taken against you.

 You are required to send to us the Moneygram Information Stated Below for Verification:

(1) Sender's Name;
(2) Receiver's Name;

(3) Reference Number;

(4) Amount Sent;
(5) Moneygram Receipt.

So you should go ahead and send the €500.00 EUR within the next 24HRS, and we shall be expecting to receive the Moneygram Information from you as soon as possible. You can contact us if you have any question(s).

Sincerely,

A. [removed],
The PayPal Team.

Login to Me Too

Flynnout
New Community Member

I had really good advise on the spoof emails.  I wasn't sure what to look for as the email I received looked genuine but they had addressed me by my email address.  They had named a person that money had gone to from my paypal account, I checked the account but there was no money going out to the named person.  This is a really good forum, I have emailed the email I received to paypal and deleted it from my in box.  These emails are getting really good, I just hope others take more care.

Login to Me Too

bewilderedCC
New Community Member

Thank you - I had an email exactly as you describe. I've never had one before and thought it was suspicious but didn't know what to do. I've forwarded and deleted.


@PayPal_Siobhán wrote:

Due to the increase in Phishing /Spoof Emails being reported to PayPal I thought I would post a few tips on this topic that might help.

 

You’ll know that an email is not from PayPal when:

 

  • The email uses a generic greeting like ‘Dear user’ or ‘Hello, PayPal member.’ We'll always address you by your first and last name.
  • The email requests financial and other personal information. A real email from us will never ask for your bank account number, debit or credit card number etc. Also we'll never ask for your full name, your account password, or the answers to your PayPal security questions in an email.
  • The email asks you to provide the tracking number of a dispatched item, before you've received the payment into your PayPal account
  • The email includes a software update to install on your computer.

 

Here are some security tips to help you stay protected online:

 

  • Even if a URL contains the word 'PayPal', it may not be a PayPal webpage.
  • When using PayPal, always ensure that the URL address listed at the top of the browser displays as https://www.paypal.com. The 's' in ‘https’ means the website is secure.
  • Look for the 'lock' symbol that appears in the address bar. This symbol indicates that the site you are visiting is secure.

 

If you think you’ve received a phishing email, forward it to spoof@paypal.co.uk and then delete the fake email from your mailbox.

 

Hope this helps,

 

Siobhán 


 

Login to Me Too

DuncanEdward
Member
Member

Siobhan hi

 

I receive loads of Phishing emails and seem to receive more since I sent the first one to Spoof@paypal.

I found it virtually impossible to tell the difference between the phishers and paypals emails.

Could I make a suggestion

Don't send customers emails with links in.

Don't send unnecessary emails such as click here to see activity on your account.

Don't send emails with a Paypal url link in.

 

The phishers are copying everything you do so don't have links in your emails at all and your customers won't be fooled.

Hope that helps.

Duncan 

Login to Me Too

bluesys
Contributor
Contributor

You did not note the extreme loss of security that paypal currently experiences due to paypal now allows login with NO password or challenge questions answered AT ALL!

All that is needed as the single 6 digit code from the cell number paypal has on file to login and make charges to a paypal account.

 

So if you lose you cell phone your paypal account is WIDE OPEN to whoever now has your cell phone.

There is ZERO security in the case of a lost cell phone today with paypal.

 

If you experience ID theft and the your cell phone SIM is slammed to a another SIM card again you paypal account become WIDE OPEN to the ID theft.

This is a crazy situation in my experience.

 

Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.