I just got an email from PayPal saying that there’s a payment reversal on my account and that I need to log in to explain what happened. But I haven’t bought or sold anything through PayPal in months. Is this legit or some phishing or other scam?
It’s a scam. If it’s like what I received the other day, it’s also an extraordinarily well constructed scam, down to a perfect clone of the PayPal home page and a domain that’s really close to the paypal.com domain. This isn’t some kid putting the scam together in his basement either, it’s very well done.
But you wouldn’t have to worry about it if you follow my basic rule of thumb: Never click on a link in an email message.
This is most important on sites that require you to log in, of course, so a link to the Google home page — or to AskDaveTaylor.com — isn’t anywhere near as questionable. But a link to your bank, PayPal, eBay, Amazon or anything like that is problematic and should be avoided at all times.
Got it? Don’t click.
Meanwhile, let’s step through this phishing scam and see what they’re doing.
To start, here’s the email I received. Probably looks just like what you got:
Everything about this looks good. The email makes sense, it appears to come from a PayPal address (the From: line is trivial to forge, so that proves nothing) and it even has a bunch of complicated numbers that make it seem like it might be a legit issue.
Any decent modern mailer, however, will show you the real destination of the link if you simply hover your cursor over the “Remove Limitation” button:
Clearly PayPal Corporation isn’t going to use a URL shortener, so that’s enough for you to say “Yikes!” and delete the message. Right? 🙂
But let’s say you didn’t and you clicked through on the link. The resultant page you get to is oh so well done as a scam page. It’s really a perfect clone of the real PayPal home page:
How can you tell? Well, that’s tricky.
There are two things wrong here. First, the browser (in this case, Google Chrome) shows no HTTPS padlock for the page, so the connection isn’t encrypted and the site’s identity hasn’t been checked. Second, if you look really closely at the URL you can hopefully spot the problem:
See it? It’s subtle. On first glance, in fact, I saw “www.payipal.com” and said “Ha! Wrong domain.” But look even closer and that’s wrong too: the domain is actually payipal-com-web-apps.cf. And the .cf domain? That’s a new one for me too; turns out it’s the Central African Republic, of all places. Definitely not where PayPal is located!
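The two checks walked through above, hovering over the button to see where the link really goes and then reading the address bar to find the registrable domain, can be done programmatically. The script below is an added example and is not code from AskDaveTaylor.com or from PayPal. It parses an HTML email, pulls out every link, and flags a link if it is not HTTPS, if it goes through a URL shortener, if its registrable domain is not the one the brand is expected to use, or if any piece of the hostname is the brand name or a near-miss of it (the way “payipal” is one letter off from “paypal”). The two sample messages, the shortener list, the brand table and the “last two labels” rule for the registrable domain are all constructed assumptions for illustration.

```python
"""Link triage for a suspicious e-mail: the hover check and the address-bar
check from the post, done programmatically.  Added example, not code from
AskDaveTaylor.com; the sample messages, the shortener list, the brand table
and the 'last two labels' domain rule are all constructed assumptions."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: hosts a bank or payment processor would never hide a login link behind.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}
# Assumed: the registrable domain each brand is expected to link to.
EXPECTED = {"paypal": "paypal.com"}

# Constructed sample messages (not the e-mail shown in the post).
PHISH = """From: PayPal <service@paypal.com>
Subject: Payment reversal on your account
Content-Type: text/html; charset=utf-8

<html><body><p>A payment reversal on your account needs your attention.</p>
<a href="http://bit.ly/RemoveLimitation">Remove Limitation</a></body></html>
"""
CLEAN = """From: PayPal <service@paypal.com>
Subject: Your receipt
Content-Type: text/html; charset=utf-8

<html><body><a href="https://www.paypal.com/">paypal.com</a></body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of the host.  Simplification: a real tool consults the
    Public Suffix List so that 'example.co.uk' is not reduced to 'co.uk'."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance; 'payipal' is one insertion away from 'paypal'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_url(url, brand):
    """Return the reasons a link claiming to be `brand` should not be trusted."""
    reasons = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if parsed.scheme != "https":
        reasons.append("not https")
    reg = registrable_domain(host)
    if reg in SHORTENERS:
        reasons.append(f"URL shortener {reg}")
    if reg != EXPECTED[brand]:
        reasons.append(f"registrable domain is {reg!r}, not {EXPECTED[brand]!r}")
        # Lookalike: any dot- or hyphen-separated piece of the host that is the
        # brand name or within two edits of it (payipal, paypa1, paypal-secure).
        if any(edit_distance(t, brand) <= 2 for t in re.split(r"[.-]", host) if t):
            reasons.append(f"host {host!r} mimics {brand!r}")
    return reasons


def triage_email(raw, brand):
    """Apply assess_url to every link in the HTML body of a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    extractor = LinkExtractor()
    extractor.feed(body.get_content())
    findings = []
    for href, text in extractor.links:
        reasons = assess_url(href, brand)
        # The visible text names the real domain while the href points elsewhere.
        if EXPECTED[brand] in text.lower() and \
                registrable_domain(urlparse(href).hostname or "") != EXPECTED[brand]:
            reasons.append("link text names the real domain but the href does not")
        findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("CLEAN", CLEAN)):
        for f in triage_email(raw, "paypal"):
            print(name, f["href"], "->", f["reasons"] or "looks consistent")
    # The landing page from the post's screenshot, run through the same check.
    print(assess_url("http://www.payipal-com-web-apps.cf/", "paypal"))
```

The lookalike test splits the host on both dots and hyphens before comparing, which is what catches a registration like payipal-com-web-apps.cf: the registrable domain is the whole hyphenated label plus .cf, so a plain “is this paypal.com?” comparison fails it, and the token “payipal” is then one edit away from the brand. The registrable-domain helper is deliberately simple; on real mail, use a Public Suffix List library so that country-code second-level domains are handled correctly.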
Whether you enjoy putting on your deerstalker and playing detective or just want to avoid problems, it’s always best to stick to my rule: don’t click on links in email.