Most of us are aware spam emails exist trying to separate us from our hard-earned cash. Whether it’s a claim of a Nigerian Prince leaving us millions of dollars, someone posing as our bank trying to get us to give up personal information, or an attractive person of the opposite sex claiming to know us, many of them are now well known and easily identifiable scams. We recognize them and delete them immediately. But every now and again a new one pops up that gives even the most online-savvy pause wondering if it’s legitimate. I received such an email recently from what looked like a PayPal service account that turned out to be an email scam.
I use PayPal regularly for both personal and professional use, so it didn’t surprise me to see an email from service@paypal in my inbox. The contents of the email did surprise me, however. It said that a recent payment could not be processed, and to click on a button to see more details. Being confused, my reflex reaction was to click the button since the email had the PayPal logo on it, and the sender name was one I recognized.
However, before pressing the button, I paused just long enough to do some basic checks that revealed the email was simply a scam:
- Check Sender Address: The name of the sender was service@paypal but the sending address was something completely different. I hit “reply” just to have the sender address displayed, and compared it with a known legitimate email from PayPal. They didn’t match.
- Bad Grammar: Reading the email again very carefully uncovered spelling and grammatical errors. An email from a worldwide company such as PayPal would not have such basic language errors.
- Destination Address Was Hidden: As I hovered over the button I was instructed to press, the destination URL is displayed on the bottom of the screen of my laptop. The URL had been shortened using a tool, making the true destination unknown.
Given these question marks, red flags were going off in my head. Instead of clicking the button, I opened a new tab and logged into my PayPal account and found that there were no outstanding transactions or problems with my account. I deleted the email immediately.
Had I clicked on the button, I likely would have been displayed a page that looked much like the PayPal site and prompted to enter my account user id and password. After doing so, it would have displayed some sort of error that would have frustrated me and made me close the tab and move on. The scammers, however, would have my user id and password. My account would likely have been drained shortly after that.
Always be on the lookout for email scams, even if they appear to come from trusted sources. Scammers don’t have any problems using names and logos to make their email seem legitimate. Following these safety precautions could keep you from losing hundreds or thousands of dollars.
What email scams have you received lately?