How can I detect a Phishing Scam / Paypal-labs.com?

Is this a phishing scam? I just got some email that looks suspicious with a link to “paypal-labs.com” Is it a scam or phishing attempt? Why can’t they just make it paypal.com?

Before I do any research and show you how to figure this sort of thing out yourself, let me say off the bat that yeah, it’s probably a phishing scam indeed, email that wants you to go to a domain that has “paypal” in its name and purports to be part of the Paypal organization, but isn’t actually Paypal.com.
Still, I’m really skeptical, so perhaps it’s just me…
The first thing to check with a potential phishing attempt message is who owns the domain name. You can go to a ton of places to do a domain registration check, but I prefer the original service that’s been around forever: Network Solutions.
You can go directly to a WHOIS Lookup on Network Solutions.
The form looks like this:

Search for “paypal-labs.com” and you’ll find…

Registrant:
Host Master
PayPal Inc.
2211 North First Street
San Jose CA 95131 US
hostmaster@ebay.com +1.4083767400 Fax:

Well that’s a surprise. Turns it that the domain is owned by Paypal.
Not sure? Look up Paypal’s main domain — paypal.com — and you’ll see it too is registered to a company headquartered at 2211 North First Street. Still paranoid? Search that street address in Google Maps and you’ll see:

So this time it’s not a phishing attempt, but I often wonder about companies that send out email to customers from alternative domains, especially when informing their customers not to click on URLs in email messages anyway.
Next time you get an email of this nature that you’re suspicious about, do pop onto the Network Solutions siste and check out their WHOIS service.

4 thoughts on “How can I detect a Phishing Scam / Paypal-labs.com?”

drmike

August 22, 2010 at 7:06 am

Rather surprised that you’re relying on the address of a whois. There’s nothing stopping folks from leaving a fake address with their whois information. I’ve seen scam sites with the 1600 Pennsylvania Avenue address of the US White House before.
Reply
steve

August 13, 2010 at 12:56 pm

It’s always better to ignore these emails,and if need be go to paypal.com and send them an email about such an email they will let you know if it is legit or a scam.
Suck phishing emails are on the rise nowadays,even with the spam filters becoming better.
Reply
PaulM

August 5, 2010 at 3:44 pm

Ken B. – That’s a very good point, and one I asked myself too.
Reply
Ken B

August 5, 2010 at 9:40 am

What prevents a phisher from registering a domain, and claiming that the mailing address is that of the “real” company? It’s not like things are done via postal mail nowadays. Sure, the real company could file a complaint, _if_ it were to find out, but that doesn’t stop the phisher beforehand.
Reply