Dave, I was reading a message from Paypal on my new Gmail account and it had this big red warning on the top saying “Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information.” What does that mean and why am I seeing it?
I only recently bumped into one of these messages on Gmail myself, actually, and I applaud Gmail for creating this warning. What’s happening is that you think you’re reading a message from Paypal, but it’s actually what’s called a “phishing” message, a fake message that purports to be from a legitimate company asking you to verify or validate some account information. You dutifully click on the link, log in to the fake site then get some sort of peculiar error message or are even whisked to the real site, once the phishers have recorded your account and password pair.
Then they log in as you and, presumably, perform all sorts of nefarious deeds, including perhaps transfering your balance to their own account, buying lots of stuff for themselves, or just closing out the account completely. The first step that they’d do, by the way, would be to change the account password, locking you out of your own account. Scary? You bet.
If you’d like more information about phishing scams, I have another article I’ve written on this subject entitled How can I tell if Paypal and eBay alerts are legit or phishing? and Gmail has its own interesting help article too, What should I do about a message that asks for personal information?
This is a very common fraud attempt. I’ve gotten quite a few of these. Bank of America, aol, Paypal, to mention a few. The real Paypal always will address you with your name and will direct you to a https site. They always have respopnded to me quickly when I have questioned the fake emails and were great in explained their process to me, as well as verifying that the email, in question, is fake.
The fake guys will never know your name as you are just a part of a mass mailing to many email addresses. Never trust the internet. And remember that there is no such thing as free lunch. Always verify the legitimacy of the email before sending any sensitive information.