Fake PayPal Scammer
Today when I was cleaning out one of my older Yahoo e-mail accounts I came across this gem of an e-mail.
Every once in a while I’ll receive fake e-mails from companies, and sure enough, somebody was once again trying to exploit PayPal customers. I didn’t know this, but apparently my “account access has been limited” and I’m supposed to click on the link provided in the e-mail to log-in and verify that claim.
Of course, the odds of a link like that going directly to the official PayPal website are next to nothing, if even that high.
Notice how this e-mail was sent by somebody calling themselves “Pay-Pal” and not “PayPal.” The hyphen makes a world of difference between a fake name and a real one. Do take note that adding or removing a hyphen could also refer to an older spelling, like how Walmart once went by Wal-Mart. However, all real company e-mails will have the correct spelling (including punctuation) of the company. Strike one!
Also notice how the e-mail was sent by the e-mail address and not from anybody This was also sent to the address despite ending up in my e-mail account. Strike two!
The biggest indicator that this is an evil e-mail is when you hold your mouse cursor over the link in the message and see where the link really goes. In this case, the link provided will take you to:
http://hunsacom.com/www.paypal.com/home/management/
Notice that this person has “www.paypal.com” as part of the URL (aren’t we clever today?), but the domain is actually hunsacom.com. Strike three!
You’re out!
I have absolutely no desire to click on that link. I don’t want to know what happens at that URL. What I do know is that it doesn’t go directly to PayPal’s website even though these people want you to believe that you’re going there.
On top of those three big indicators, the e-mail itself doesn’t look like anything official that I’ve received from the real PayPal. This is just a weak attempt to steal user names and passwords from PayPal customers, turning around and draining their account.
I don’t want to know how many people are going to fall for this scam. A lot of people have computers and Internet connections these days, and many of them would fall for this type of scam. It looks real enough for enough of them to click the link and type in their user name and password.
The e-mail claims to be from “Pay-Pal,” it uses the official PayPal graphics, and it even has a link that supposedly takes you the official PayPal log-in screen. Sadly, a lot of people will fall for this scam. Even some people smart enough to check the link first will still fall for it because the eye will focus on the “www.paypal.com” part of the URL and not the actual domain just to the left of it. Enough people will think that it’s real enough to click and then type in their user name and password.
Then again, even smart people could fall victim to this scam. It all comes down to treating all unexpected e-mail suspiciously and verifying claims without clicking on links provided to you.
True story:
A few years ago I was working for a small company that sold vast amounts of merchandise through eBay. The boss was a computer whiz and former computer programmer. The company transacted thousands of dollars through its PayPal account.
One day I was working on something in the warehouse when all of a sudden the office manager came through telling everybody that the boss was on edge. Something big happened and he was very stressed out. It turned out that at some point earlier that day, my boss received an e-mail saying that his PayPal account was compromised, and he had to log in and verify its status. He clicked on said link and entered his account info. At some point later he learned that it was a phony link, and he was going crazy that afternoon clearing the cookies and temporary Internet files on his computer, and changing his PayPal password every few hours.
To this day I cannot believe how somebody that smart with computers fell for one of the most obvious scams on the Internet. It’s nothing short of a miracle that he didn’t lose the tens of thousands of dollars sitting in the account.
Folks, if you receive an e-mail like this from any place where you have an account, whether it’s PayPal, an online bank, or even eBay, DO NOT CLICK ON ANY LINK IN THE E-MAIL!
Look closely at the e-mail. Chances are you’ll see a slight misspelling in the company’s name and some grammar problems. It’ll probably look close to a real e-mail from said company, but there will always be at least one small difference or two.
If you want to verify the claim in the e-mail, do so by calling the company’s support phone line directly. Go to the company’s official website or look at a recent billing statement in the mail to find the phone number. Ask them about the e-mail.
If you want to log in to check your online account, close your browser first and delete any unnecessary cookies and temporary Internet files first. Use a fresh browser and go to said company’s website through the official domain, such as https://www.paypal.com/, and then clicking on the “log in” link or entering your account information right there on the main screen. NEVER USE ANY LINK PROVIDED TO YOU IN A SUSPICIOUS E-MAIL!
Real company e-mails will have real links, better grammar and real contact information provided. Scams will display as little information as possible to still make it real enough for most people.