Below is a side-by-side comparison of a legitimate email from PayPal and the fake one. Remember that the sender can easily change the subject line to make it look more real, so be careful.
- Always remember, a fraudulent (spoof) email may use a forged email address in the "from" field and this field is easily altered.
- Also remember that they may use your real name, so seeing your name doesn't mean the email is legitimate.
- They try to deceive you with the threat that your account is in jeopardy if you don't act on it immediately.
- Mouse over a link before clicking it and look at the URL in your browser or email status bar. A fraudulent link is dangerous because it could direct you to a website that tries to collect your personal data (phishing) or to install/download malware (spyware, virus, trojan, etc.). To be safe, never click on a link within your email; instead, open a new tab or browser and type in the PayPal URL directly: https://www.paypal.com. Note that it's "https", not "http"; the "s" stands for "secure".
- Remember: PayPal never asks for personal information in an email.
- Forward the link to PayPal's fraud team at: firstname.lastname@example.org, then delete that email from your mailbox.
- If you think your account is already compromised, immediately use another computer and check your account history, change your password (use a combination of upper and lower-case letters, numbers and special characters), and call the financial institution involved to block any fraudulent transactions.
- Update your anti-spyware and anti-virus software and run a thorough check (I use Avast, Ad-Aware and Spybot). Also delete all the cookies.
- Don't be a victim. Be vigilant and spread this information to help fight spoofing.
Additional reading: Protect Yourself from Fraudulent Emails