Industry guru Dave Taylor offers tech support on technical and business topics, including iPhone, iPod, Microsoft Windows, Sony PSP, cellphones, online advertising, CSS, Web design, business, Unix, Linux, SEO, Mac OS X, and shell script programming.     


How can I recognize fake Paypal email?

Dave, I get tons of email that looks like it's from Paypal, asking me to update my account record, check that things are configured alright, or even to "notify" me that a new email address has been "added" to my account. Sheesh! How can I recognize real Paypal email and separate it out from all the phishing and fake messages in my inbox?


Dave's Answer:

I know what you mean. I get a ton of this junk too, and I have learned to never click on a link in an email message. If I think it's legit, I'll open my browser and directly type in the Paypal URL: https://www.paypal.com/ (note that it's 'https' not 'http' too).

Paypal itself has some useful tips too:

10 ways to recognize fake (spoof) emails

  1. Generic greetings. Many spoof emails begin with a general greeting, such as: "Dear PayPal member." If you do not see your first and last name, be suspicious and do not click on any links or button.
  2. A fake sender's address. A spoof email may include a forged email address in the "From" field. This field is easily altered.
  3. A false sense of urgency. Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorized transaction has recently occurred on your account, or claim PayPal is updating its accounts and needs information fast.
  4. Fake links. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. A fraudulent link is dangerous. If you click on one, it could:
    • Direct you to a spoof website that tries to collect your personal data.
    • Install spyware on your system. Spyware is an application that can enable a hacker to monitor your actions and steal any passwords or credit card numbers you type online.
    • Cause you to download a virus that could disable your computer.
  5. Emails that appear to be websites. Some emails will look like a website in order to get you to enter personal information. PayPal never asks for personal information in an email.
  6. Deceptive URLs. Only enter your PayPal password on PayPal pages. These begin with https://www.paypal.com/
    • If you see an @ sign in the middle of a URL, there's a good chance this is a spoof. Legitimate companies use a domain name (e.g. https://www.company.com).
    • Even if a URL contains the word "PayPal," it may not be a PayPal site. Examples of deceptive URLs include: www.paypalsecure.com, www.paypa1.com, www.secure-paypal.com, and www.paypalnet.com.
    • Always log in to PayPal by opening a new web browser and typing in the following: https://www.paypal.com/
    • Never log in to PayPal from a link in an email message.
  7. Misspellings and bad grammar. Spoof emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes also help fraudsters avoid spam filters.
  8. Unsafe sites. The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.
  9. Pop-up boxes. PayPal will never use a pop-up box in an email as pop-ups are not secure.
  10. Attachments. Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment. It could cause you to download spyware or a virus. PayPal will never email you an attachment or a software update to install on your computer.

If you receive a spoof email, forward the entire email - including the header information - to Paypal's fraud team at: spoof@paypal.com, then delete it from your mailbox. Please note that the automatic response you get from them may not address you by name.


More Useful Computer and Internet Basics Articles:
✔   How do I blur my house on Google Maps Street View?
I was poking around on Google Maps looking at satellite views of my neighborhood and when I switched to street view, was upset...
✔   Create a custom vanity URL for Kickstarter?
I was reading some updates on Twitter and saw someone had posted a URL that would let me see what projects they'd backed...
✔   Export or Save Subscription List from Google Reader?
Just heard that Google Reader is going away this summer. That stinks! How am I supposed to read my RSS feeds? More importantly,...
✔   Shrink or Reduce a Photo File Size on Mac?
I'm trying to upload some photos to a social media site and it's complaining that they're too big. They are, as they come...
✔   Can I organize my Yahoo Mail with folders?
I've been on Yahoo Mail for years and while most of my friends are now on Gmail or their own Web-based email programs,...

Let's stay in touch!
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
    Enter your name: and your email addr:  









Reader Comments To Date: 29

pipes said, on March 31, 2006 2:11 AM:

i got one few days back and if i wouldnt had read this article i must have been coned.
thanks

Grant Holden said, on May 5, 2007 6:27 AM:

I just received a spoof email from my friend, I was shocked that this was even possible. He told me he used a site called hoaxMail (hoaxmail.co.uk</a)) and looking into it it seems companies like this are making it increasingly easy to spoof an email address.

Worrying?

sunchip said, on August 16, 2007 7:03 PM:

thanks for the heads up advice
more or less, people just need to use some common sense and think things twice, or if it is to do with oney, think three times before purchasing online or at other venues

abhinav said, on December 8, 2007 4:33 AM:

hi dave ...actually i am new to paypal and mone transfer and all that stuff..... i have an account ballance in an online survey site and i want to redeem the money and transfer to my paypal account....when i go to redeem option it asks for "paypal email" what shall i write there coz i dont have any paypal email although i have a paypal personal account! is it my paypal username? (which may be my email id for my webmail site)??? plz help me out

maryoris said, on January 29, 2008 2:14 PM:

como crear una cuenta paypa

Isaiah said, on May 14, 2008 1:31 PM:

Just rec'd one today. Thought it looked kind of suspicious, googled it, and found that it was a scam.

Thanks!

lowell thomas said, on June 23, 2008 3:53 PM:

i don't have an account with pay-pal but i keep getting e-mails all the time wanting me to give info about my account i wonder how to get in touch with them to tell them not send any mor e-mails to my address it is getting pretty old...

Jeff said, on August 21, 2008 1:03 PM:

Hey, great info here. I am going to give a link to this on my blog.

cyn said, on February 13, 2009 8:12 AM:

just got one too & checked the link with left click, properties..
was mail from austrianonlines with a processinglogin
at paypa!
HA! paypa? think NOT! reported as spam :-P

Ryan Tolentino said, on June 12, 2009 9:15 AM:

I received an email from paypal@534.com:
June 09, 2009: We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have placed limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

Click here to Remove Account Limitations

The thing that got my attention was the email address is from a site: 534.com

Rena Fredricksen said, on July 21, 2009 3:26 PM:

A great way to check where an email is going to send you and prevent ending up in the wrong place is to look in the lower left hand corner of your browser when you hover over a link.

You should be able to preview and diagnose whether or not it's the right place by looking at the domain name. In this case... paypal.com/something

Louise said, on August 27, 2009 12:07 AM:

Thanks for the info and the paypal email address to send fake emails too. I just got a fake paypal email today.

MT said, on December 20, 2009 1:23 PM:

You are doing 98 cents; add a link to my 2 cent worth (i.e., catalog of fake forwarded emails / spam mail, etc.) I have a Pathfinders To Detect Spam; added yours to this list.
Best wishes.

Rabin said, on January 20, 2010 3:45 AM:

I have got the message that i have won the lottery in 1st category and i won 5 million US$. Is this fake. It has also gave me a telephone number website, Email etc to contact him/her and say my details. Is this true?

alicia Cole said, on August 7, 2010 2:13 PM:

THIS WAS SENT TO ME!!

Protect Yourself From Fake Emails
PayPal is your partner against fraudulent emails.
Learn how to identify and avoid fraudulent—or spoof—emails and websites in PayPal's Identity Theft Protection Resource area.


Dear Miss_cole7,

This message is originated from PayPal company.We have received an order from our client Kelsey Smith (kelseysmith200@gmail.com) regarding the payment made to your PayPal account. The payment has been successfully made but due to security reason we have to receive the shipment tracking number for the processing of your order. This a new measure we are taking to protect both our sellers and buyers against fraudulent customers.Once you have shipped the item send us the shipment tracking number for verification after the number has verify your account will be credited instantly.

This PayPal® payment has been deducted from the buyer's account and has been "APPROVED " but will not be credited to your account until the shipment reference/tracking number is sent to us for shipment verification so as to secure both the buyer and the seller.Below are the necessary information requested before your account will be credited. Send tracking number to us or email us through this mail: (onlinetransfersuport@mail2consultant.com).

**PLEASE NOTE**
Once shipment has been verified and the tracking number sent to us, You will receive a " CONFIRMATION Email " from PayPal® informing you that the Money has been credited.


Thank you for using PayPal!
The PayPal Team






Copyright © 1999-2010 PayPal. All right reserved .


JT said, on October 22, 2010 12:27 PM:

Is any of this legite? I told customer I never received payment and this is what they said

I have to have the item ASAP!
and this is my second request for tracking number. They also said paypal is showing the payment was unclaimed and was about to cancel the transaction but they intercepted before it cancelled. Can you please claim the payment, I really would like to have that item. Is any of this legite?

craig said, on July 5, 2011 4:14 PM:

1 way ive notice spoof paypal messages is when you see the web address it ands with a full stop where the real paypal emails do not have a full stop on the end

Ogunrinde gideon said, on August 31, 2011 5:28 PM:

Thanks for enlighten us beginners.davetaylor i realy love your article

a said, on October 3, 2011 4:46 AM:

@e.paypal.co.uk

one a month

reported everytime

paypal are doing nothing

KT said, on April 24, 2012 5:20 AM:

e.paypal.co.uk

I get one of these a month and was so used to getting them I foolishly clicked on the link to log in and check my account (they were using my name on the email). Link sent me to paypal site. Realised what I had done AFTER I logged in and changed the password... on the same computer Doh! Yes I'm occasionally really stupid.

Anyway, changed my password on another computer but await collateral damage. Sent email to spoof@paypal.com and was sent a response notifying me that is was fake. Will keep you posted.

Darren said, on April 25, 2012 3:35 AM:

Yes, I fell for the e.paypal.co.uk one.

The thing is, I don't get it? I clicked the link to take me to PayPal, and IT DOES. It takes me to:

https://www.paypal.com/uk/cgi-bin/webscr?cmd=_login-run

whereas typing www.paypal.com into my browser takes me to:

https://www.paypal.com/uk/cgi-bin/webscr?cmd=_login-run

So where's the catch?

I've changed my password since clicking the link, but I wonder whether PayPal isn't flagging these up by mistake (as has happened with some of their genuine emails which I've run by spoof@paypal.com) and perhaps this domain is just one of their european servers?

I've blocked it just in case, but I think you're probably okay.

LMW said, on August 14, 2012 1:50 PM:

Having had my PP account hacked for £2k last month (all returned now) I received one from e.paypal.co.uk today.
Reported it to spoff@paypal.com and received the
following from them:

Dear ,

Thanks for taking an active role by reporting suspicious-looking emails.
Although we've determined that the email you forwarded to us is not a phishing attempt, our security team is grateful for your concern.

*************************
What is a phishing email?
*************************
Phishing emails attempt to steal your identity and will often ask you to reveal your password or other personal or financial information. PayPal will never ask you for your password over the phone or in an email and will always address you by your first and last name.

Take our Fight Phishing Challenge at https://www.paypal.com/fightphishing
to learn 5 things you should know about phishing. You'll also see what we're doing to help fight fraud every day.

*************************
You've made a difference.
*************************
Every email counts. By forwarding a suspicious-looking email to spoof@paypal.com, you've helped keep yourself and others safe from identity theft.

Thanks,

The PayPal Team

carl said, on September 11, 2012 11:22 AM:

well i stumbled accross this page looking for the @e.paypal.co.uk which is sent to me monthly too, it is genuine because they know my middle name but i thought i'd double check on here :-)i'm still debating whether to add it to safe list or not as its only reminding you to check your monthly statement. I have about 50 junk emails a day because someone had my email adress before i did!

cimbakahn said, on December 10, 2012 2:34 PM:

Spoof@paypal.com is a legitimate Paypal address.
.
I had received an email that looked like it came from Paypal. I was quite alarmed because of what the letter read. It read that i purchased something, that i never purchased. I talked to Paypal on the phone, and they told me it is a fraudulent email. They asked me if i can forward the letter to them. I did forward the letter to them at spoof@paypal.com So this spoof@paypal.com is a legitimate Paypal address! Here is 3 more tips for you: #1. Paypal always uses your first and last name on every letter they send you. #2. Never click on a link (in a Paypal email) unless you are sure the email is 100% legitimate, even then i would go directly to the Paypal site. #3 Never click on any link to go to Paypal, always go to the address bar at the top of your browser and type in paypal.com You will know if you did it correctly because your address bar will turn green and you'll see a tiny lock in the far right side of the address bar. SAFE SURFING EVERYBODY!

cimbakahn said, on December 10, 2012 2:40 PM:

I am also posting for someone named Ann. Here is what Ann says:

I need to warn PayPal members of a scam being perpetrated on users, but being ignored by PayPal.

I received what appeared to be a very valid email from PayPal that included my full name. Other than having 3 links in the email, most people would have believed it to be from PayPal. Thankfully, I checked full headers and realized it had to be a scam. I copied and pasted full headers into the email, then forwarded it to spoof@PayPal.com. I got no response. Three to four days later, I received an identical email and again forwarded it to PayPal. Finally today, I received a "form email response", confirming it was not sent by PayPal, even though it contained my first, middle and last name. Your readers should be aware of this scam.

While writing this, I had a light bulb moment. Many people including me, use "signatures" at the bottom of their emails. Mine includes my full name, company name, website link and phone numbers, something I will stop immediately. It wouldn't take a rocket scientist to check my website, see I accept PayPal, then send what appeared to be a legitmate email from PayPal that included my full name.

I would be willing to bet other readers have fallen prey to this scam. Please urge your readers
1-Don't click on any links
2-Always check full headers
3-Stop using signatures with detailed information.

Regards
Ann

cimbakahn said, on December 10, 2012 2:44 PM:

Dear LMW

You made a typo. It is Spoof@paypal.com, not spoff@paypal.com

Columbo said, on December 11, 2012 7:59 AM:

fake PayPal emails always say from 'PayPal' whereas the genuine paypal emails are 'service@paypal'

Paul Stanley said, on March 7, 2013 10:21 PM:

Guys,

The simple answer to how to recognise a Fake PayPal email is as follows:
ALL emails from PayPal WITHOUT ANY EXCEPTION will ALWAYS ALWAYS ALWAYS ALWAYS END WITH .......@paypal.com .If they don't, they are fake. As simple as that!

Scammers are now using also Fake emails from banks.....(Royal Bank of Canada seem to be the flavour of the month). The simple way to recognise a fake bank email is that banks will NEVER HOLD MONEY PENDING RECEIPT OF A SHIPPING CONFIRMATION. Banks or PayPal NEVER get involved in transactions between buyers and sellers AT THE TIME OF THE SALE.

I hope this helps. Please spread the word.... Copy this post to as many websites as you can to kill the criminals fraudulent activities so no one would fall victims to them.

Dave Taylor said, on March 7, 2013 11:28 PM:

Paul, that's an oversimplification, of course, because spammers can easily spoof an address so that a message looks like it's come from @paypal.com. I say don't believe ANY of the email you get from PayPal. Just log in to your account by typing in "paypal.com" into your browser and if they need to communicate with you, there'll be a notification or other indication on your account.

Starbucks coffee cup I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you, Dave, for all your helpful information by buying you a cup of coffee!

I do have a comment, now that you mention it!











I will never send you any unsolicited email. Ever.






Check This Out Too...

 
Look for Answers
Need Help? Ask Dave Taylor!


Follow Me on Pinterest

Find Me on Google+
ADT on G+
© 2002 - 2013 by Dave Taylor. All Rights Reserved.

Note: This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this web site or on any linked site. Further, please note that by submitting a question or comment you're agreeing to my terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site. My lawyer says "Thanks".
"Ask Dave Taylor®" is a registered trademark of Intuitive Systems, LLC.