I got one of those PayPal spoofing emails and I wanted to share it. Let’s be clear, this email is not from Paypal. It’s a fake, designed to steal your info. If you’re ever unsure about anything you get from either eBay or Paypal, forward it to firstname.lastname@example.org or email@example.com and they’ll verify for you if it’s real or not.
I know people fall for these all the time and have had friends do it with drastic consequences so I thought we’d take a critical eye to one of these scams to help you avoid it. While most of the things I’ll point out below alone don’t automatically mean you’re looking at a scam email, each one is a red flag to help you figure it out.
Anyway, let’s look at this email:
Subject: A brief review
PayPal Security Department <firstname.lastname@example.org>
For starters, any email coming from PayPal is going to come from a paypal.com email address. While this can be faked, so it shouldn’t be your only determining factor, it’s a dead giveaway if the sender isn’t emailing you from the base domain.
Recipient: Valued PayPal Customer
A real PayPal email would be addressed to the name registered on your account. The fact that this one doesn’t address you by name is another red flag.
We regret to inform you that your account have been limited.
I regret to inform you that your grammar skills have been limited. Notice how it says “have been limited” above when it should be “has been limited.” Spelling errors and grammar mistakes are another easy way to tell you’re looking at a fake.
When your account access is limited by PayPal, it means that you won’t be able to do certain things with your account; you might not be able to send or withdraw money temporarily.
Another grammar error: “When your account access is limited by PayPal” is passive voice (versus “When PayPal has limited your account access”), something you usually wouldn’t see from a professional email. They follow this up with a very vague sentence, especially since they define those “certain things” in the next line, which is something else you’d be unlikely to see in a real email where presumable they have a real writer composing the message.
When we limit an account we are often simply asking the account holder to supply information to verify their identity.
Please open the form (attached) that we have provided for you.
After verifying your account through the form, PayPal will restore your access back to normal.
Big red flags here because any legitimate PayPal email would direct you to the official secure website to provide any info and not ask you to click on some sketchy attached form. The form itself is an HTM file (which is website file), another red flag, as simply clicking on it could install malware or other unwanted programs on your computer leading to future issues. So, not only would you be giving a scammer your PayPal info, you’d also have the potential for spyware or other nasty programs that could lead to additional identity theft on other platforms in the future.
Thank you in advance for the information you may provide with us.
Account Review Team
That closing reads weird but the fact that this isn’t actually signed by PayPal is another sign we’re dealing with a fake.
Easy enough, right? But some fakes are more obvious than others. When in doubt, always forward the email to spoof@ first and wait for confirmation that it’s legit before acting AND log directly into the Paypal website by typing https://www.Paypal.com into your browser and double check the messaging in your account. If an email is telling you you’re suspended while your actually account looks fine, chances are you’re looking at a fake.