Do you know if it is a fake Paypal Phishing email from service@intl.paypal.com? Paypal scams are very common and we all get phishing paypal emails and it is important to recognise and avoid getting trapped by these fake phishing emails and not disclose your personal information, bank accounts, credit cards details to unknown fraud persons, who harvest private information via fake websites, links and emails.
Analyzing a fake Paypal phishing email
Here is a sample email from Paypal from my Gmail spam folder asking me to send our banking account information. Lets see step by step how many fake things there are in every line.
- Subject – Note that Account is the registered trademark. Spelling of Possible is wrong. The possible fraud phrase implores the readers to definitely open the email.
- Spam X – Gmail recognizes lots of malicious features suggestive of a phishing email, marks it spam and moves it automatically to the Spam folder. Gmail has powerful antispam features which can easily identify fake Paypal emails.
- Email from – Note that though the paypal account email id shows that it originates from from service@intl.paypal.com, if you expand the email headers, it is actually from from service@intl.payspal.com. Note the spelling error – it is payspal.com with an ‘s’. Beware of paypal scam email as it sent from a fake paypal account.
- Warning message – G mail has not only sent the message to spam, but also marked the email as an phishing attempt. This was caught because the ‘From:’ field was manipulated to show a false sender name. The “Learn more” link directs the user to more security information about messages asking for personal information.
- PayPal Notification – Another repetition of the title, note again that Possible is again wrongly spelt.
- Security check – Note the reason. Even you could have used the account from different computers. But it creates a fear of hacking. They are launching an open investigation instead of checking at the backend and statistics. Creating fear for you to send your details.
- Account safeguard – So now they come to the point – they want your bank account details. Why do they need it?
- Complete verification – Again “help speed up” is put in to create a sense of urgency. Note spelling errors again as “cancomplete” has no spacing. They have also put in a long random number so that it creates a sense of authenticity for your account.
- Phishing link – Note that the link does not point to what the url text displays. Which means clicking on the link will take you to another fake website which resembles the Paypal website closely. Once you fill in your bank details there, your financial information is at risk in the hands of fraudsters. Gmail automatically unlinked that link.
- Deadline 48 hours – they create a sense of insecurity and urgency prompting you to take action and click that link. You fear your Paypal account with all its money maybe locked out and act.
- Verification purpose – Just incase you are still not convinced – now they coax you with a bit of courtesy which is expected of any business email. Makes you believe that they are indeed the courteous paypal staff who want to protect your Paypal account.
- Signed by – note another fake brand name “Paypal-Paypal” and again “Account” is registered. The phrase “Security department” now gives more authenticity to a security organization email.
- Copyright – Another fake brand “Paypal Account & Co.”
- Do not reply – click the link, or don’t bother. They do not want you to reply back and cross check. Probably the reply email wont work since the email server configuration will cause the email to bounce back. Anyway the email never reaches Paypal.
- Paypal Banking! – fraud brand name. Account is registered again. Now its the “banking department”, just in case the earlier “security department” didnt interest you.
I hope you learned some new ways to identify fake Paypal phishing emails and not get trapped into paypal scams by revealing your personal and financial secret information. You can report fake sites and phishing emails to paypal. Stay safe and keep reading our blog.