How can I recognize fake Paypal email?
Dave, I get tons of email that looks like it's from Paypal, asking me to update my account record, check that things are configured alright, or even to "notify" me that a new email address has been "added" to my account. Sheesh! How can I recognize real Paypal email and separate it out from all the phishing and fake messages in my inbox?
I know what you mean. I get a ton of this junk too, and I have learned to never click on a link in an email message. If I think it's legit, I'll open my browser and directly type in the Paypal URL: https://www.paypal.com/ (note that it's 'https' not 'http' too).
Paypal itself has some useful tips too:
10 ways to recognize fake (spoof) emails
- Generic greetings. Many spoof emails begin with a general greeting, such as: "Dear PayPal member." If you do not see your first and last name, be suspicious and do not click on any links or button.
- A fake sender's address. A spoof email may include a forged email address in the "From" field. This field is easily altered.
- A false sense of urgency. Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorized transaction has recently occurred on your account, or claim PayPal is updating its accounts and needs information fast.
- Fake links. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. A fraudulent link is dangerous. If you click on one, it could:
- Direct you to a spoof website that tries to collect your personal data.
- Install spyware on your system. Spyware is an application that can enable a hacker to monitor your actions and steal any passwords or credit card numbers you type online.
- Cause you to download a virus that could disable your computer.
- Emails that appear to be websites. Some emails will look like a website in order to get you to enter personal information. PayPal never asks for personal information in an email.
- Deceptive URLs. Only enter your PayPal password on PayPal pages. These begin with https://www.paypal.com/
- If you see an @ sign in the middle of a URL, there's a good chance this is a spoof. Legitimate companies use a domain name (e.g. https://www.company.com).
- Even if a URL contains the word "PayPal," it may not be a PayPal site. Examples of deceptive URLs include: www.paypalsecure.com, www.paypa1.com, www.secure-paypal.com, and www.paypalnet.com.
- Always log in to PayPal by opening a new web browser and typing in the following: https://www.paypal.com/
- Never log in to PayPal from a link in an email message.
- Misspellings and bad grammar. Spoof emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes also help fraudsters avoid spam filters.
- Unsafe sites. The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.
- Pop-up boxes. PayPal will never use a pop-up box in an email as pop-ups are not secure.
- Attachments. Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment. It could cause you to download spyware or a virus. PayPal will never email you an attachment or a software update to install on your computer.
If you receive a spoof email, forward the entire email - including the header information - to Paypal's fraud team at: firstname.lastname@example.org, then delete it from your mailbox. Please note that the automatic response you get from them may not address you by name.
More Useful Computer and Internet Basics Articles:
Let's stay in touch!
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help
right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
Reader Comments To Date: 29
i got one few days back and if i wouldnt had read this article i must have been coned.
I just received a spoof email from my friend, I was shocked that this was even possible. He told me he used a site called hoaxMail (hoaxmail.co.uk</a)) and looking into it it seems companies like this are making it increasingly easy to spoof an email address.
thanks for the heads up advice
more or less, people just need to use some common sense and think things twice, or if it is to do with oney, think three times before purchasing online or at other venues
hi dave ...actually i am new to paypal and mone transfer and all that stuff..... i have an account ballance in an online survey site and i want to redeem the money and transfer to my paypal account....when i go to redeem option it asks for "paypal email" what shall i write there coz i dont have any paypal email although i have a paypal personal account! is it my paypal username? (which may be my email id for my webmail site)??? plz help me out
como crear una cuenta paypa
Just rec'd one today. Thought it looked kind of suspicious, googled it, and found that it was a scam.
i don't have an account with pay-pal but i keep getting e-mails all the time wanting me to give info about my account i wonder how to get in touch with them to tell them not send any mor e-mails to my address it is getting pretty old...
Hey, great info here. I am going to give a link to this on my blog.
just got one too & checked the link with left click, properties..
was mail from austrianonlines with a processinglogin
HA! paypa? think NOT! reported as spam :-P
I received an email from email@example.com:
June 09, 2009: We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have placed limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.
Click here to Remove Account Limitations
The thing that got my attention was the email address is from a site: 534.com
A great way to check where an email is going to send you and prevent ending up in the wrong place is to look in the lower left hand corner of your browser when you hover over a link.
You should be able to preview and diagnose whether or not it's the right place by looking at the domain name. In this case... paypal.com/something
Thanks for the info and the paypal email address to send fake emails too. I just got a fake paypal email today.
You are doing 98 cents; add a link to my 2 cent worth (i.e., catalog of fake forwarded emails / spam mail, etc.) I have a Pathfinders To Detect Spam; added yours to this list.
I have got the message that i have won the lottery in 1st category and i won 5 million US$. Is this fake. It has also gave me a telephone number website, Email etc to contact him/her and say my details. Is this true?
THIS WAS SENT TO ME!!
Protect Yourself From Fake Emails
PayPal is your partner against fraudulent emails.
Learn how to identify and avoid fraudulent—or spoof—emails and websites in PayPal's Identity Theft Protection Resource area.
This message is originated from PayPal company.We have received an order from our client Kelsey Smith (firstname.lastname@example.org) regarding the payment made to your PayPal account. The payment has been successfully made but due to security reason we have to receive the shipment tracking number for the processing of your order. This a new measure we are taking to protect both our sellers and buyers against fraudulent customers.Once you have shipped the item send us the shipment tracking number for verification after the number has verify your account will be credited instantly.
This PayPal® payment has been deducted from the buyer's account and has been "APPROVED " but will not be credited to your account until the shipment reference/tracking number is sent to us for shipment verification so as to secure both the buyer and the seller.Below are the necessary information requested before your account will be credited. Send tracking number to us or email us through this mail: (email@example.com).
Once shipment has been verified and the tracking number sent to us, You will receive a " CONFIRMATION Email " from PayPal® informing you that the Money has been credited.
Thank you for using PayPal!
The PayPal Team
Copyright © 1999-2010 PayPal. All right reserved .
Is any of this legite? I told customer I never received payment and this is what they said
I have to have the item ASAP!
and this is my second request for tracking number. They also said paypal is showing the payment was unclaimed and was about to cancel the transaction but they intercepted before it cancelled. Can you please claim the payment, I really would like to have that item. Is any of this legite?
1 way ive notice spoof paypal messages is when you see the web address it ands with a full stop where the real paypal emails do not have a full stop on the end
Thanks for enlighten us beginners.davetaylor i realy love your article
one a month
paypal are doing nothing
I get one of these a month and was so used to getting them I foolishly clicked on the link to log in and check my account (they were using my name on the email). Link sent me to paypal site. Realised what I had done AFTER I logged in and changed the password... on the same computer Doh! Yes I'm occasionally really stupid.
Anyway, changed my password on another computer but await collateral damage. Sent email to firstname.lastname@example.org and was sent a response notifying me that is was fake. Will keep you posted.
Yes, I fell for the e.paypal.co.uk one.
The thing is, I don't get it? I clicked the link to take me to PayPal, and IT DOES. It takes me to:
whereas typing www.paypal.com into my browser takes me to:
So where's the catch?
I've changed my password since clicking the link, but I wonder whether PayPal isn't flagging these up by mistake (as has happened with some of their genuine emails which I've run by email@example.com) and perhaps this domain is just one of their european servers?
I've blocked it just in case, but I think you're probably okay.
Having had my PP account hacked for £2k last month (all returned now) I received one from e.paypal.co.uk today.
Reported it to firstname.lastname@example.org and received the
following from them:
Thanks for taking an active role by reporting suspicious-looking emails.
Although we've determined that the email you forwarded to us is not a phishing attempt, our security team is grateful for your concern.
What is a phishing email?
Phishing emails attempt to steal your identity and will often ask you to reveal your password or other personal or financial information. PayPal will never ask you for your password over the phone or in an email and will always address you by your first and last name.
Take our Fight Phishing Challenge at https://www.paypal.com/fightphishing
to learn 5 things you should know about phishing. You'll also see what we're doing to help fight fraud every day.
You've made a difference.
Every email counts. By forwarding a suspicious-looking email to email@example.com, you've helped keep yourself and others safe from identity theft.
The PayPal Team
well i stumbled accross this page looking for the @e.paypal.co.uk which is sent to me monthly too, it is genuine because they know my middle name but i thought i'd double check on here :-)i'm still debating whether to add it to safe list or not as its only reminding you to check your monthly statement. I have about 50 junk emails a day because someone had my email adress before i did!
Spoof@paypal.com is a legitimate Paypal address.
I had received an email that looked like it came from Paypal. I was quite alarmed because of what the letter read. It read that i purchased something, that i never purchased. I talked to Paypal on the phone, and they told me it is a fraudulent email. They asked me if i can forward the letter to them. I did forward the letter to them at firstname.lastname@example.org So this email@example.com is a legitimate Paypal address! Here is 3 more tips for you: #1. Paypal always uses your first and last name on every letter they send you. #2. Never click on a link (in a Paypal email) unless you are sure the email is 100% legitimate, even then i would go directly to the Paypal site. #3 Never click on any link to go to Paypal, always go to the address bar at the top of your browser and type in paypal.com You will know if you did it correctly because your address bar will turn green and you'll see a tiny lock in the far right side of the address bar. SAFE SURFING EVERYBODY!
I am also posting for someone named Ann. Here is what Ann says:
I need to warn PayPal members of a scam being perpetrated on users, but being ignored by PayPal.
I received what appeared to be a very valid email from PayPal that included my full name. Other than having 3 links in the email, most people would have believed it to be from PayPal. Thankfully, I checked full headers and realized it had to be a scam. I copied and pasted full headers into the email, then forwarded it to spoof@PayPal.com. I got no response. Three to four days later, I received an identical email and again forwarded it to PayPal. Finally today, I received a "form email response", confirming it was not sent by PayPal, even though it contained my first, middle and last name. Your readers should be aware of this scam.
While writing this, I had a light bulb moment. Many people including me, use "signatures" at the bottom of their emails. Mine includes my full name, company name, website link and phone numbers, something I will stop immediately. It wouldn't take a rocket scientist to check my website, see I accept PayPal, then send what appeared to be a legitmate email from PayPal that included my full name.
I would be willing to bet other readers have fallen prey to this scam. Please urge your readers
1-Don't click on any links
2-Always check full headers
3-Stop using signatures with detailed information.
You made a typo. It is Spoof@paypal.com, not firstname.lastname@example.org
fake PayPal emails always say from 'PayPal' whereas the genuine paypal emails are 'service@paypal'
The simple answer to how to recognise a Fake PayPal email is as follows:
ALL emails from PayPal WITHOUT ANY EXCEPTION will ALWAYS ALWAYS ALWAYS ALWAYS END WITH .......@paypal.com .If they don't, they are fake. As simple as that!
Scammers are now using also Fake emails from banks.....(Royal Bank of Canada seem to be the flavour of the month). The simple way to recognise a fake bank email is that banks will NEVER HOLD MONEY PENDING RECEIPT OF A SHIPPING CONFIRMATION. Banks or PayPal NEVER get involved in transactions between buyers and sellers AT THE TIME OF THE SALE.
I hope this helps. Please spread the word.... Copy this post to as many websites as you can to kill the criminals fraudulent activities so no one would fall victims to them.
Paul, that's an oversimplification, of course, because spammers can easily spoof an address so that a message looks like it's come from @paypal.com. I say don't believe ANY of the email you get from PayPal. Just log in to your account by typing in "paypal.com" into your browser and if they need to communicate with you, there'll be a notification or other indication on your account.
I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you, Dave, for all your helpful information by
buying you a cup of coffee!||
Follow Me on Pinterest
Find Me on Google+
ADT on G+