I’m pretty sure this is a scam, but wanted to double check: does PayPal ever send email messages about “unclaimed payments”, asking you to log in and claim $$?
You’d definitely think that was a scam or some poorly thought out phishing attempt (as so many emails you get ostensibly from PayPal turn out to be) but in fact PayPal does have a payment claims process and your message might just be legit, with a payment at the end of the pipeline.
As far as I can tell, this happens if someone pays you via PayPal to an email address that’s yours, but isn’t the one you use for your PayPal account. My account, for example, is tied to my @intuitive.com domain, but if you were to send me, say, $50 to my email address here on AskDaveTaylor, I’d get the notification message, but PayPal would assume I don’t have an account. If I then ignored the notification, in a few days it would send another message inviting me to claim my money by logging in.
Yeah, even typing that makes me cringe. Seems SOOOO scammy.
But here’s a similar message I received a few weeks ago:
Even the image failed to load. Could it be more suspicious??
Still, I know that Gmail has some weirdness with sometimes showing @gmail.com or @google.com and other times @googlemail.com, so it’s believable. More importantly, I do have a business relationship with the merchant shown, FeedBrewer.
To find out more, I hovered my cursor over the “Claim Your Money Now” link at the bottom and when I ascertained that it was indeed going to take me to PayPal.com, I clicked.
That looks quite legitimate, and most importantly Safari is showing me the status of their security certificate in green on the address bar. Notice the “PayPal, Inc.”. In fact, click on it and you’ll learn more about the security certificate too:
I have two-step verification set up on my PayPal account too, so even if it’s an extraordinarily sophisticated phishing attempt and they succeed at getting my password, they still won’t be able to log in to my account. You don’t have that set up? Dude. Just do it: Set up 2-step verification on PayPal.
Back? Good. Now I’ll click “Log In” and enter my account and password, after which PayPal correctly prompts for the secret verification code that it sends to my cellphone via SMS:
I enter the code and then everything happens pretty darn quickly, because it’s still remembered the original “claim payment” transaction ID.
First I see this:
Nice to know I can spend it.
Still unsure it worked? Log out, then log in again and look for the transaction on your transaction history. Here’s what I saw:
Yay. Even the same amount of money.
So it turns out that at least in this instance, the email is legit. Still be wary of any you receive that has a link for you to log in to your PayPal account, of course. It’s a jungle out there!