Punctuation – note the space in the dollar amount of “$500.“Cancel and claim a refund” seemed odd as well but is designed to scare the reader and encourage them to act.There are probably operators…er…scammers standing by to “help you.” It is the only way to get your login or personal information. Toll-free number – I didn’t call it because THAT is how the hack would happen.Odd phrasing “call us at toll free number” (as a content writer, I would have said “call us at this toll-free number” or “call us toll-free at” but that is just semantics and from a grammar perspective, you should hyphenate “toll-free” as an adjective before the noun “number”).I didn’t know the requestor of the money.And here are the items I identified as being red flags: And this is what the message looked like in the email:Īt that point, I decided to look at the message a bit more closely. I’m using “code” formatting so you can more easily see the punctuation and spacing of this message from the payment requestor. Within the automated deduction of the amount, this transaction will reflect on PayPal activity after 24 hours. If this is not the case, you will be charged $500. If you did not make this transaction, please call us at toll free number +1 (#) #-# to cancel and claim a refund. We've detected that your PayPal account has been accessed fraudulently. Below are the images and the text of the message (I have redacted any contact information to preserve innocence or guilt). I did expand the email address information to see if anything looked odd (these are NOT the full headers for true investigation, though), and they looked fine as well.Ī quick side note here – interestingly, this real PayPal email did have a link to “ Learn to identify phishing,” which actually is a pretty good instructional page.īut it was the message that was contained within the money request that raised all of my red flags and set off alarm bells. So, the email sender had passed my initial sniff test. In this case, the could have easily been faked to (using a number one instead of an “L”). I have seen instances where domains have been created with numbers to look like letters. The sender of the email appeared to be but you can never be sure. Now on to the details!įor me, it all started with an email notification from PayPay titled “You’ve got a money request.” That seemed a bit odd as I didn’t think I owed anyone money. Identical wording as well, just from a different user. If it looks somewhat legit, don’t click on it but instead, go directly to the site manually, log in there, and start your investigation on the valid site! What this PayPal Phishing Scam looked likeįirst, a quick update! As I was putting the final edits on this article, I received yet ANOTHER request. If the email seems to have odd grammar or punctuation, don’t click on it. If you didn’t ask to reset your password, don’t click on it. At work, systems can become compromised, user data stolen, patents taken, and much more, incurring huge capital and operational expenses.īefore going into this PayPal phishing scam, my quick words of advice are, if you don’t know the sender, don’t click on it. Home scams, if you fall for one, can suck your financial accounts dry, lock you out of things, or even encrypt your hard drive and ask for a ransom to unlock it (ransomware). Hopefully, you are well trained on how to look for phishing scams at home and work. Or, they now just forward me the emails asking, “is this a phish?” And I point to strange grammar and punctuation and the originating email being from a generic, non-company email. And, at least at a minimum, they have learned not to click on links in “odd” emails but rather go to the site directly. I have tried to train my parents and family about what to look out for. And this article is about that PayPal phishing scam that truly looked and felt legitimate…because it almost was! This surprised me, so I wanted to investigate it a bit further. And it was a legitimate email originating from within PayPal’s systems. However, this week I received an email via PayPal from a user requesting money from me. What’s a bit scarier to me are some of the social engineering phishing scams that are hitting large corporations like Uber most recently. For the most part, we all see to encounter them regularly, so there has been a lot of education about this type of hacking. I haven’t written about phishing scams in quite a few years.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |