Dave, I get tons of email that looks like it’s from Paypal, asking me to update my account record, check that things are configured alright, or even to “notify” me that a new email address has been “added” to my account. Sheesh! How can I recognize real Paypal email and separate it out from all the phishing and fake messages in my inbox?
I know what you mean. I get a ton of this junk too, and I have learned to never click on a link in an email message. If I think it’s legit, I’ll open my browser and directly type in the Paypal URL: https://www.paypal.com/ (note that it’s ‘https’ not ‘http’ too).
Paypal itself has some useful tips too:
10 ways to recognize fake (spoof) emails
- Generic greetings. Many spoof emails begin with a general greeting, such as: “Dear PayPal member.” If you do not see your first and last name, be suspicious and do not click on any links or button.
- A fake sender’s address. A spoof email may include a forged email address in the “From” field. This field is easily altered.
- A false sense of urgency. Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don’t update it ASAP. They may also state that an unauthorized transaction has recently occurred on your account, or claim PayPal is updating its accounts and needs information fast.
- Fake links. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. A fraudulent link is dangerous. If you click on one, it could:
- Direct you to a spoof website that tries to collect your personal data.
- Install spyware on your system. Spyware is an application that can enable a hacker to monitor your actions and steal any passwords or credit card numbers you type online.
- Cause you to download a virus that could disable your computer.
- Emails that appear to be websites. Some emails will look like a website in order to get you to enter personal information. PayPal never asks for personal information in an email.
- Deceptive URLs. Only enter your PayPal password on PayPal pages. These begin with https://www.paypal.com/
- If you see an @ sign in the middle of a URL, there’s a good chance this is a spoof. Legitimate companies use a domain name (e.g. https://www.company.com).
- Even if a URL contains the word “PayPal,” it may not be a PayPal site. Examples of deceptive URLs include: www.paypalsecure.com, www.paypa1.com, www.secure-paypal.com, and www.paypalnet.com.
- Always log in to PayPal by opening a new web browser and typing in the following: https://www.paypal.com/
- Never log in to PayPal from a link in an email message.
- Misspellings and bad grammar. Spoof emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes also help fraudsters avoid spam filters.
- Unsafe sites. The term “https” should always precede any website address where you enter personal information. The “s” stands for secure. If you don’t see “https,” you’re not in a secure web session, and you should not enter data.
- Pop-up boxes. PayPal will never use a pop-up box in an email as pop-ups are not secure.
- Attachments. Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment. It could cause you to download spyware or a virus. PayPal will never email you an attachment or a software update to install on your computer.
If you receive a spoof email, forward the entire email – including the header information – to Paypal’s fraud team at: spoof@paypal.com, then delete it from your mailbox. Please note that the automatic response you get from them may not address you by name.
Here’s what I got recently. Pretty sure it’s fake. It really bothers me that there’s no Paypal email or phone number or contact person to check with, just this forum. Isn’t that incredibly stupid of Paypal? Or am I missing something?
I got the following 2 emails and I think they may be a scam. I am a PayPal member. There seem to be typos in these emails and my Paypal account is working fine.
——————————–
service service@service-acesveiecisa.com via 120-prod.mail-out.ovh.net
Sep 5 (1 day ago)
to me
New Alert
——————————–
Ρay Ρal
Hey Dear Client,
Please update your payment and address information. Or your account will be suspended for some security reasons. You have to check your information in order to continue using our service smoothly. please check your account information by clicking the link below.
All you need to do is click the button below (it only takes a few seconds).
we’re simply verifying ownership of this email address.
Verify Now
All Right Reserved 1999- 2017
You see a domain like “@service-acesveiecisa.com” and you’re only MOSTLY sure? I can 100% guarantee you’ll never get an email from PayPal with a domain address like that involved.
I had got an email day before. It said that a payment of $19,067.89 was recieved and deposited into my Paypal account. A verification code was needed and to click below to access your payment.
I clicked on Details and looked at the from address and saw paypal. I tried to send them my Paypal address to no avail. Then I logged onto Paypal and checked my account, nothing. Talked to support. They told me its possible its phish and forward it to spoof.
Sure as heck sounds like a scam to me, Mila. I’d delete it.
hi i keep recieving emails supposedly from pay pal saying ive nearly reached my paypal sending limit and i dont know if its fake or not please help because i dont want to have to activate my bank account on pay pal
Most likely you don’t have any spending limits on PayPal. Find out by going to the site directly (not by clicking on a link on a Web page or email). Type in “paypal.com”, log in, and see if there are any issues or system messages.
ive checked my paypal account and there are no notifications from paypal themselves so will the emails be faked
I just got an email (out of the blue) from “Pay Pal” saying that I needed to sign in to my account due to some recent “suspicious activity”. Funny thing is I closed out and deleted my Pay Pal account MONTHS ago. I had a funny feeling it was bogus so I just trashed the email.
I get loads of spoof emails from (not!)Paypal. Today I got the first email from paypal@e.paypal.co.uk. What I’d like to know is, if it’s a spoof, how did they get my name? Can they somehow take it from my email address or do they have it from Paypal, ’cause that’s kind of worrying :S
Paul, that’s an oversimplification, of course, because spammers can easily spoof an address so that a message looks like it’s come from @paypal.com. I say don’t believe ANY of the email you get from PayPal. Just log in to your account by typing in “paypal.com” into your browser and if they need to communicate with you, there’ll be a notification or other indication on your account.
Guys,
The simple answer to how to recognise a Fake PayPal email is as follows:
ALL emails from PayPal WITHOUT ANY EXCEPTION will ALWAYS ALWAYS ALWAYS ALWAYS END WITH …….@paypal.com .If they don’t, they are fake. As simple as that!
Scammers are now using also Fake emails from banks…..(Royal Bank of Canada seem to be the flavour of the month). The simple way to recognise a fake bank email is that banks will NEVER HOLD MONEY PENDING RECEIPT OF A SHIPPING CONFIRMATION. Banks or PayPal NEVER get involved in transactions between buyers and sellers AT THE TIME OF THE SALE.
I hope this helps. Please spread the word…. Copy this post to as many websites as you can to kill the criminals fraudulent activities so no one would fall victims to them.
fake PayPal emails always say from ‘PayPal’ whereas the genuine paypal emails are ‘service@paypal’
Dear LMW
You made a typo. It is Spoof@paypal.com, not spoff@paypal.com
I am also posting for someone named Ann. Here is what Ann says:
I need to warn PayPal members of a scam being perpetrated on users, but being ignored by PayPal.
I received what appeared to be a very valid email from PayPal that included my full name. Other than having 3 links in the email, most people would have believed it to be from PayPal. Thankfully, I checked full headers and realized it had to be a scam. I copied and pasted full headers into the email, then forwarded it to spoof@PayPal.com. I got no response. Three to four days later, I received an identical email and again forwarded it to PayPal. Finally today, I received a “form email response”, confirming it was not sent by PayPal, even though it contained my first, middle and last name. Your readers should be aware of this scam.
While writing this, I had a light bulb moment. Many people including me, use “signatures” at the bottom of their emails. Mine includes my full name, company name, website link and phone numbers, something I will stop immediately. It wouldn’t take a rocket scientist to check my website, see I accept PayPal, then send what appeared to be a legitmate email from PayPal that included my full name.
I would be willing to bet other readers have fallen prey to this scam. Please urge your readers
1-Don’t click on any links
2-Always check full headers
3-Stop using signatures with detailed information.
Regards
Ann
Spoof@paypal.com is a legitimate Paypal address.
.
I had received an email that looked like it came from Paypal. I was quite alarmed because of what the letter read. It read that i purchased something, that i never purchased. I talked to Paypal on the phone, and they told me it is a fraudulent email. They asked me if i can forward the letter to them. I did forward the letter to them at spoof@paypal.com So this spoof@paypal.com is a legitimate Paypal address! Here is 3 more tips for you: #1. Paypal always uses your first and last name on every letter they send you. #2. Never click on a link (in a Paypal email) unless you are sure the email is 100% legitimate, even then i would go directly to the Paypal site. #3 Never click on any link to go to Paypal, always go to the address bar at the top of your browser and type in paypal.com You will know if you did it correctly because your address bar will turn green and you’ll see a tiny lock in the far right side of the address bar. SAFE SURFING EVERYBODY!
well i stumbled accross this page looking for the @e.paypal.co.uk which is sent to me monthly too, it is genuine because they know my middle name but i thought i’d double check on here :-)i’m still debating whether to add it to safe list or not as its only reminding you to check your monthly statement. I have about 50 junk emails a day because someone had my email adress before i did!
Having had my PP account hacked for £2k last month (all returned now) I received one from e.paypal.co.uk today.
Reported it to spoff@paypal.com and received the
following from them:
Dear ,
Thanks for taking an active role by reporting suspicious-looking emails.
Although we’ve determined that the email you forwarded to us is not a phishing attempt, our security team is grateful for your concern.
*************************
What is a phishing email?
*************************
Phishing emails attempt to steal your identity and will often ask you to reveal your password or other personal or financial information. PayPal will never ask you for your password over the phone or in an email and will always address you by your first and last name.
Take our Fight Phishing Challenge at https://www.paypal.com/fightphishing
to learn 5 things you should know about phishing. You’ll also see what we’re doing to help fight fraud every day.
*************************
You’ve made a difference.
*************************
Every email counts. By forwarding a suspicious-looking email to spoof@paypal.com, you’ve helped keep yourself and others safe from identity theft.
Thanks,
The PayPal Team
Yes, I fell for the e.paypal.co.uk one.
The thing is, I don’t get it? I clicked the link to take me to PayPal, and IT DOES. It takes me to:
https://www.paypal.com/uk/cgi-bin/webscr?cmd=_login-run
whereas typing http://www.paypal.com into my browser takes me to:
https://www.paypal.com/uk/cgi-bin/webscr?cmd=_login-run
So where’s the catch?
I’ve changed my password since clicking the link, but I wonder whether PayPal isn’t flagging these up by mistake (as has happened with some of their genuine emails which I’ve run by spoof@paypal.com) and perhaps this domain is just one of their european servers?
I’ve blocked it just in case, but I think you’re probably okay.
e.paypal.co.uk
I get one of these a month and was so used to getting them I foolishly clicked on the link to log in and check my account (they were using my name on the email). Link sent me to paypal site. Realised what I had done AFTER I logged in and changed the password… on the same computer Doh! Yes I’m occasionally really stupid.
Anyway, changed my password on another computer but await collateral damage. Sent email to spoof@paypal.com and was sent a response notifying me that is was fake. Will keep you posted.
@e.paypal.co.uk
one a month
reported everytime
paypal are doing nothing
Thanks for enlighten us beginners.davetaylor i realy love your article
1 way ive notice spoof paypal messages is when you see the web address it ands with a full stop where the real paypal emails do not have a full stop on the end
Is any of this legite? I told customer I never received payment and this is what they said
I have to have the item ASAP!
and this is my second request for tracking number. They also said paypal is showing the payment was unclaimed and was about to cancel the transaction but they intercepted before it cancelled. Can you please claim the payment, I really would like to have that item. Is any of this legite?
THIS WAS SENT TO ME!!
Protect Yourself From Fake Emails
PayPal is your partner against fraudulent emails.
Learn how to identify and avoid fraudulent—or spoof—emails and websites in PayPal’s Identity Theft Protection Resource area.
Dear Miss_cole7,
This message is originated from PayPal company.We have received an order from our client Kelsey Smith (kelseysmith200@gmail.com) regarding the payment made to your PayPal account. The payment has been successfully made but due to security reason we have to receive the shipment tracking number for the processing of your order. This a new measure we are taking to protect both our sellers and buyers against fraudulent customers.Once you have shipped the item send us the shipment tracking number for verification after the number has verify your account will be credited instantly.
This PayPal® payment has been deducted from the buyer’s account and has been “APPROVED ” but will not be credited to your account until the shipment reference/tracking number is sent to us for shipment verification so as to secure both the buyer and the seller.Below are the necessary information requested before your account will be credited. Send tracking number to us or email us through this mail: (onlinetransfersuport@mail2consultant.com).
**PLEASE NOTE**
Once shipment has been verified and the tracking number sent to us, You will receive a ” CONFIRMATION Email ” from PayPal® informing you that the Money has been credited.
Thank you for using PayPal!
The PayPal Team
Copyright © 1999-2010 PayPal. All right reserved .
So this is a fake email?
I have got the message that i have won the lottery in 1st category and i won 5 million US$. Is this fake. It has also gave me a telephone number website, Email etc to contact him/her and say my details. Is this true?
You are doing 98 cents; add a link to my 2 cent worth (i.e., catalog of fake forwarded emails / spam mail, etc.) I have a Pathfinders To Detect Spam; added yours to this list.
Best wishes.
Thanks for the info and the paypal email address to send fake emails too. I just got a fake paypal email today.
A great way to check where an email is going to send you and prevent ending up in the wrong place is to look in the lower left hand corner of your browser when you hover over a link.
You should be able to preview and diagnose whether or not it’s the right place by looking at the domain name. In this case… paypal.com/something
I received an email from paypal@534.com:
June 09, 2009: We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have placed limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.
Click here to Remove Account Limitations
The thing that got my attention was the email address is from a site: 534.com
I received an email from paypal@534.com:
June 09, 2009: We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have placed limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.
Click here to Remove Account Limitations
The thing that got my attention was the email address is from a site: 534.com
just got one too & checked the link with left click, properties..
was mail from austrianonlines with a processinglogin
at paypa!
HA! paypa? think NOT! reported as spam 😛
Hey, great info here. I am going to give a link to this on my blog.
i don’t have an account with pay-pal but i keep getting e-mails all the time wanting me to give info about my account i wonder how to get in touch with them to tell them not send any mor e-mails to my address it is getting pretty old…
Just rec’d one today. Thought it looked kind of suspicious, googled it, and found that it was a scam.
Thanks!
como crear una cuenta paypa
hi dave …actually i am new to paypal and mone transfer and all that stuff….. i have an account ballance in an online survey site and i want to redeem the money and transfer to my paypal account….when i go to redeem option it asks for “paypal email” what shall i write there coz i dont have any paypal email although i have a paypal personal account! is it my paypal username? (which may be my email id for my webmail site)??? plz help me out
thanks for the heads up advice
more or less, people just need to use some common sense and think things twice, or if it is to do with oney, think three times before purchasing online or at other venues
I just received a spoof email from my friend, I was shocked that this was even possible. He told me he used a site called hoaxMail (hoaxmail.co.uk</a)) and looking into it it seems companies like this are making it increasingly easy to spoof an email address.
Worrying?
i got one few days back and if i wouldnt had read this article i must have been coned.
thanks