Thursday, September 6, 2007

Fake PayPal Email

Last night I was checking my emails when this legitimate-looking email from paypal caught my attention with a subject line "Your payment has been sent". It's so enticing to open it ASAP and the obviously fradulent charges will alarm you into quickly hitting the "Dispute Transaction" button. At first I start freaking out thinking some jackass hacked my account, so I did clicked the button before realizing it is a scam when I noticed its odd URL:
( don't try it!).
Surely enough it's not a paypal site. So, I immediately forwarded that link to, which promptly confirmed it was a scam. Internet thieves are becoming more sophisticated, they even used my real!

Below is a side by side comparison of a legitimate email from paypal and the fake one. Remember that they can easily change the subject line though to make it more real, so be careful.
legitimate emailfake email
Here are some tips :
  1. Always remember, a fraudulent (spoof) email may use a forged email address in the "from" field and this field is easily altered.
  2. Also remember that they may use your real name, therefore if you see your name, it doesn't mean it's legitimate.
  3. They try to deceive you with the threat that your account is in jeopardy if you don't act on it immediately.
  4. Mouse over a link before clicking it and look at the URL in your browser or email status bar. A fraudulent link is dangerous because it could direct you to a website that tries to collect your personal data (phishing) or install/download a malicious malware (spyware, virus, trojan, etc.). To be safe, never click on a link within your email but rather open a new tab or browser and directly type in the PayPal URL: Note that it's "https" not "http" and "s" stands for "secure".
  5. Remember: PayPal never asks for personal information in an email.
  6. Forward the link to Paypal's fraud team at:, then delete that email from your mailbox.
  7. If you think your account is already compromised, immediately use another computer and check your account history, change your password (use a combination of upper and lower-case letters, numbers and special characters), and call the financial institution involved to block any fraudulent transactions.
  8. Update your anti-spyware and anti-virus softwares and run a thorough check (I use Avast, Ad-Aware and Spybot). Also delete all the cookies.
  9. Don't be a victim. Be vigilant and spread this information to help fight spoof.
Here's the actual email I received. Note that the scammers' email address is <>. The legit PayPal address is <>. See the difference? You can click on the image to enlarge.
fake paypal email

Additional reading: Protect Yourself from Fraudulent Emails