Ways to Recognize Fake (Spoof) Emails
- Generic greetings. Many spoof emails begin
with a general greeting, such as: "Dear PayPal member."
If you do not see your first and last name, be suspicious and
do not click on any links or button.
- A fake sender's address. A spoof email may
include a forged email address in the "From" field.
This field is easily altered.
- A false sense of urgency. Many spoof emails
try to deceive you with the threat that your account is in jeopardy
if you don't update it ASAP. They may also state that an unauthorized
transaction has recently occurred on your account, or claim
PayPal is updating its accounts and needs information fast.
- Fake links. Always check where a link is going
before you click. Move your mouse over it and look at the URL
in your browser or email status bar. A fraudulent link is dangerous.
If you click on one, it could:
- Direct you to a spoof website that
tries to collect your personal data.
- Install spyware on your system. Spyware
is an application that can enable a hacker to monitor
your actions and steal any passwords or credit card
numbers you type online.
- Cause you to download a virus that
could disable your computer.
- Emails that appear to be websites. Some emails
will look like a website in order to get you to enter personal
information. PayPal never asks for personal information in an
- Deceptive URLs. Only enter your PayPal password
on PayPal pages. These begin with https://www.paypal.com/
- If you see an @ sign in the middle
of a URL, there's a good chance this is a spoof. Legitimate
companies use a domain name (e.g. https://www.company.com).
- Even if a URL contains the word
"PayPal," it may not be a PayPal site. Examples
of deceptive URLs include: www.paypalsecure.com, www.paypa1.com,
www.secure-paypal.com, and www.paypalnet.com.
- Always log in to PayPal by opening
a new web browser and typing in the following: https://www.paypal.com/
- Never log in to PayPal from a link
in an email
- Misspellings and bad grammar. Spoof emails
often contain misspellings, incorrect grammar, missing words,
and gaps in logic. Mistakes also help fraudsters avoid spam
- Unsafe sites. The term "https" should
always precede any website address where you enter personal
information. The "s" stands for secure. If you don't
see "https," you're not in a secure web session, and
you should not enter data.
- Pop-up boxes. PayPal will never use a pop-up
box in an email as pop-ups are not secure.
- Attachments. Like fake links, attachments are
frequently used in spoof emails and are dangerous. Never click
on an attachment. It could cause you to download spyware or
a virus. PayPal will never email you an attachment or a software
update to install on your computer.
|If you receive a spoof email, forward
the entire email - including the header information - to us at:
firstname.lastname@example.org, then delete it from your mailbox. Please note
that the automatic response you get from us may not address you
|To help you better identify fake emails,
we follow strict rules. We will never ask for the following personal
information in emails:
We're dedicated to protecting you.
- Credit and debit card numbers
- Bank account numbers
- Driver's License numbers
- Email addresses
- Your full name
PayPal works hard to educate you on the best ways to recognize and
fight spoof. Learn more about how PayPal
fights fraud for you around the clock.
Steps to take to prevent spoof from affecting you
- Keep your security software current.
Update your firewalls and security patches frequently.
Consider using software from companies like McAfee and
- Monitor your account. Check your account
periodically to see if there is any suspicious activity.
- Change your password often. And, if you
think your security may have been breached, create a new
- Use a unique password. Your PayPal password
should be one-of-a-kind, and not used on any of your other
accounts. A good password contains letters and numbers.
This makes it more difficult for people to guess it.
- Take action. If your information is compromised,
get a fraud alert placed on your credit report.
|Borrowed from a paypal.com
email, June 2005