It’s 2017 and it’s still hard to believe that spammers are trying to compromise your PayPal account with malicious emails and false warnings of refunds, transactions and closed or compromised account warnings.
The general rule of thumb when it comes to phishing spam is to make the email message you receive look as legitimate as possible to convince you to click the links contain within. The most common of these practices is presenting the message in the same format of a standard PayPal email with logo placement, font usage and layout. With these cloaking measures in place how do you tell what is real and what is fake?
To the untrained eye everything may seem ok, but when you know what to look forward you’ll see so many glaring inconsistencies you’ll start to wonder how anyone could possibly fall for this type of spam.
Lets look at a pretty standard phishing PayPal spam email notifying of a transaction made and offering a refund link if it is in fact incorrect.Upon first look this email looks legitimate and piques your interest in confirming a purchase has already been made, so lets break it down;
- PayPal logo is in place, top left of email
- The format of the email is the same as a normal PayPal notifications
- Senders email address is marked as email@example.com
Now lets look a bit harder and you’ll see where the inconsistencies arise;
Ok now lets look at a valid PayPal email and you’ll see the glaring differences from above;Upon comparison to above you’ll see that the formatting of the valid PayPal email is presented neater and font usage is universal and has a much nicer look and feel. URL links are in same blue of PayPal logo, not the standard dark blue of regular unformatted links.
- Paypal logo is current and not embedded into email
- Senders email address is firstname.lastname@example.org, click Reply to validate and check email is not being spoofed
- Salutation is personally addressed and is that of account name
- Currency of transaction is in USD with conversion to AUD amount
- No text or URL links stipulating application for a refund and attempting to trick you into clicking a false link
- URL links to PayPal’s Buyer Protection, Financial Services Guide and Product Disclosure Statement are clearly marked
As with any transaction processed via PayPal you have full recourse if you have been charged incorrectly or haven’t been provided with the goods you paid for. These refunds should always be processed via logging into your account on PayPal’s website and only when it appears in your transaction list.
Our suggestion is to never and we repeat never click any of these suspicious links and always refer back to your account on PayPal to confirm if any charges have in fact been deducted.