PayPal scams have been around for a long time, but there’s no sign of them slowing down anytime soon. Action Fraud warned last month about a new strain of PayPal phishing emails which resulted in losses of £1,121,446 within just three months at the end of last year.
This article will outline the different types of PayPal phishing emails as well as how to spot the signs of a fake email and what to do if you receive one.
A common phishing email is when fraudsters claim that your account has been compromised and will be suspended unless you confirm your log-in details and/or payment information. They will send you a link which will take you to a fake PayPal website, and there you will be asked to enter your details. These details will be sent directly to the scammers.
Scammers may also claim that there has been some unusual activity on your account so they need you to log-in to verify your identity and recent transactions. They will state that access to your account is limited until you take the necessary authentication steps.
Some scammers will target online eBay sellers and send emails to make it look like you’ve just received a payment. This is an attempt to get you to send items for free. When you receive one of these emails, log-in to your PayPal account (from your search engine, do not click on any links in the email) and check that you have definitely received a payment before sending anything.
In this scam, the fraudster claims that you’ve paid too much for an order and you’re due a refund. In order for them to process it, the scammers will send an email with a link to a fake website controlled by them and ask you to enter your personal details and bank card number.
Fraudsters can easily spoof the display name that comes up when you receive an email. They will often choose something like ‘PayPal Customer Service’ or ‘PayPal Services’ so it looks genuine.
However, you need to look at the actual email address, not just the display name. Sometimes this can be difficult to see initially, depending on what email service you use, but usually if you hover your mouse over the display name or press ‘reply’ the email address will be shown. If it’s a scam email, the email address is likely to be a random mixture of numbers and letters but be careful of anything that looks suspicious. If it’s a genuine email, the address will end with ‘@paypal.com’.
Scammers will often send thousands of these phishing emails out at a time, so they’re very rarely personalised. PayPal address their emails with the customer’s name, or the business name detailed on the PayPal account.
If there’s a link in the email, always hover over it before clicking. It may look genuine on the service, for example, www.paypal.com/billing, but hovering over it will reveal the real destination. If it doesn’t reflect the same as the text or it looks in any way suspicious, do not click on it and go directly to the PayPal website from your search engine.
Scammers will want you to act quickly so they will often use urgent and threatening language. For example, they may say that your account will be suspended unless you act immediately.
Check through the email and take note of the punctuation and grammar. Scam emails often contain typos and small mistakes, whereas genuine companies will take their time and ensure that the emails they’re sending to customers are well-written.
PayPal state that they do contact their customers via email for marketing purposes, however, if any account action is required they will contact the customer through the secure messaging centre on their website instead.
Emails from PayPal will address you by your name, or business name. Scam emails will start with something like ‘Dear customer’ or ‘Dear (email address)’.
Any email sent from PayPal will come from ‘paypal.com’. If the email address is anything different, it is a scam.
PayPal state that they will never ask for any personal or financial details over email. This includes your full name, bank card details, your PayPal password or the answers to your security questions.
If you receive an email which is suspicious in any way, forward it to email@example.com so PayPal can investigate it, then delete the email immediately. Do not click on any links or attachments and go to the PayPal website using your search engine if you have any concerns about your account.
If you think you’ve clicked on a suspicious link and you’ve given your details to a criminal, report it to Action Fraud UK immediately. You should also report it to PayPal and your bank and they will advise you on what to do next.
Find it useful? Please share!
Find it useful? Please share!
Last updated: 26 February 2020 | © KIS Bridging Loans 2020 |