PayPal phishing email tricks and how to avoid being caught

It’s 2017 and it’s still hard to believe that spammers are trying to compromise your PayPal account with malicious emails and false warnings of refunds, transactions and closed or compromised account warnings.

The general rule of thumb when it comes to phishing spam is to make the email message you receive look as legitimate as possible to convince you to click the links contain within. The most common of these practices is presenting the message in the same format of a standard PayPal email with logo placement, font usage and layout. With these cloaking measures in place how do you tell what is real and what is fake?

To the untrained eye everything may seem ok, but when you know what to look forward you’ll see so many glaring inconsistencies you’ll start to wonder how anyone could possibly fall for this type of spam.

Lets look at a pretty standard phishing PayPal spam email notifying of a transaction made and offering a refund link if it is in fact incorrect.

Upon first look this email looks legitimate and piques your interest in confirming a purchase has already been made, so lets break it down;

• PayPal logo is in place, top left of email
• The format of the email is the same as a normal PayPal notifications
• Senders email address is marked as service@paypal.com

Now lets look a bit harder and you’ll see where the inconsistencies arise;

PayPal logo is old and it’s never inserts their logo directly into the message body, instead they provide a HTML link to display logo back to their domain

Senders email address while marked as service@paypal.com is in fact booking@gnv.it clearly not an authorised PayPal email address

Salutation of ‘Dear user’ is suspicious, PayPal will always address you as your account name

Currency is not of your country of origin and there is no conversion to Australian dollars

URL link to apply for refund goes to https://pavpal-confirme-account.glutenpro.com/webhome/ clearly not a page on https://www.paypal.com/au

No links to PayPal Buyers Protection Resolution Centre or Terms and Conditions

 

Ok now lets look at a valid PayPal email and you’ll see the glaring differences from above;

Upon comparison to above you’ll see that the formatting of the valid PayPal email is presented neater and font usage is universal and has a much nicer look and feel. URL links are in same blue of PayPal logo, not the standard dark blue of regular unformatted links.

• Paypal logo is current and not embedded into email
• Senders email address is service@paypal.com, click Reply to validate and check email is not being spoofed
• Salutation is personally addressed and is that of account name
• Currency of transaction is in USD with conversion to AUD amount
• No text or URL links stipulating application for a refund and attempting to trick you into clicking a false link
• URL links to PayPal’s Buyer Protection, Financial Services Guide and Product Disclosure Statement are clearly marked

As with any transaction processed via PayPal you have full recourse if you have been charged incorrectly or haven’t been provided with the goods you paid for. These refunds should always be processed via logging into your account on PayPal’s website and only when it appears in your transaction list.

Our suggestion is to never and we repeat never click any of these suspicious links and always refer back to your account on PayPal to confirm if any charges have in fact been deducted.