Dave, I was reading a message from Paypal on my new Gmail account and it had this big red warning on the top saying “Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information.” What does that mean and why am I seeing it?
I only recently bumped into one of these messages on Gmail myself, actually, and I applaud Gmail for creating this warning. What’s happening is that you think you’re reading a message from Paypal, but it’s actually what’s called a “phishing” message, a fake message that purports to be from a legitimate company asking you to verify or validate some account information. You dutifully click on the link, log in to the fake site then get some sort of peculiar error message or are even whisked to the real site, once the phishers have recorded your account and password pair.
Then they log in as you and, presumably, perform all sorts of nefarious deeds, including perhaps transfering your balance to their own account, buying lots of stuff for themselves, or just closing out the account completely. The first step that they’d do, by the way, would be to change the account password, locking you out of your own account. Scary? You bet.
If you’d like more information about phishing scams, I have another article I’ve written on this subject entitled How can I tell if Paypal and eBay alerts are legit or phishing? and Gmail has its own interesting help article too, What should I do about a message that asks for personal information?