Having just signed up with PayPal I have been paying close attention to emails I receive whenever I modify details on my account.
While I was scouring my Gmail Spam folders for emails that may have been inadvertently caught, I found one that should be a great concern to other PayPal users like me. It’s an email message that looks exactly like official correspondence from PayPal, but on closer scrutiny proves to be a phishing scam.
Phishing is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user IDs and passwords and the like.
This particular email apparently from PayPal aroused suspicion as soon as I saw it.
- Reason #1: I did not register for PayPal with my gmail account.
- Reason #2: The link URL’s that show on my browser’s status bar tell me that the links embedded in this email are NOT authentic PayPal links, but were made to appear like they are.
One thing I do before I click on anything is look at my status bar. That’s the border at the bottom of your browser, which may or may not be there depending on your browser’s settings. To make it visible in Firefox, click on View on the menu and make sure that the Status Bar is active. Then mouse-over (or hover your mouse pointer WITHOUT CLICKING on the link) the link that you would like to check out. In the screenshot I provide above (click on the small picture to see a bigger version) you will see the link on the status bar is NOT an authentic PayPal link (note the absence of the www.paypal.com immediately after the http:// but one that will take you to
I stopped right there, didn’t even click on the link. And neither should you.
Find the “Report Phishing” button on your email service and click on it while you are in that particular phishing email. On Gmail this has the effect of removing any clickable links on the email thus making it “safe”. It also shows a message that the email and its sources have been submitted for investigation. If you are a PayPal account holder, the “Protect yourself from fraudulent emails” article in the Security Section is worthwhile reading.
Some of us may remember the Metrobank phishing scam of 2005. We should know better by now.