
PayPal: Beware the stinking phishing mails

Over the last couple of years PayPal has become the online payment service provider. It has more than 192 million active users and is growing relentlessly. It’s easy to use, mostly risk-free, and widely accepted – at least online.

Cybercriminals know that as well. They keep coming up with new schemes to get at your data, your accounts, and of course your money. This happens mostly (but not only) in the form of phishing mails.

Don’t give away your account data

The latest one in a long line of scam mails is targeting German users, but let’s be honest: The same mails are being sent around in English as well. It starts as most phishing mails do – with a general greeting. Then the mail goes on and tells the user about how the account access had to be limited temporarily because the connected credit card was used illegally. Really, it’s just for the user’s safety. But do not fret – by clicking on the below link you can confirm that you are the rightful owner and then go on and use your account as before. Wow, what a great service! The user clicks on the link, logs in … and has given his account information to cybercriminals.

The latest German PayPal phishing mail. Source: verbraucherzentrale.de

While the website that opens up when following the link looks just like the official PayPal one, it ain’t the real deal. Nonetheless, a lot of people still fall for these kinds of scams. If you ever see a mail like that in your inbox, delete it immediately. For more information, see our blog on PayPal scams.

How to spot phishing mails

Luckily there is no witchcraft required when it comes to identifying scam mails. Here are a couple of pointers on how you know if the PayPal mail you are looking at in your inbox is real or not:

  • Fake mails usually begin with a generic greeting or say “Hello and_then@your_mailadress.com”. A real PayPal mail will address you by your first and last name – or at least the name you’ve provided in your account.
  • Phishing mails try to play on your emotions. They often tell you that you’ve done great and won something (happiness and eagerness to get your prize) or they create a sense of urgency (your account has been hacked; follow the link ASAP to fix that).
  • They contain links to fake pages. A real PayPal URL will always offer a secure connection and look similar to this one: https://www.paypal.com/. Everything else is a fake.
  • They include attachments and want you to download and/or install them.
  • The mail is riddled with grammar and spelling mistakes. While even an official mail can include a mistake now and then, it’s not the norm.

If the mail you have in front of you includes one or more of the above points, just delete it. By the way, as PayPal points out, “receiving a fraudulent email doesn’t mean that your PayPal account has been compromised” – so after deleting it you can go on as before.
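The pointers above can also be checked mechanically. The following Python sketch is an added example, not code from PayPal or from this blog: it parses a raw message and reports which of the warning signs it shows, reading the link rule strictly as "https and a host of paypal.com or one of its subdomains". The sample message, its addresses, the link host and the keyword lists are constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample message; addresses and link host are placeholders.
SAMPLE = """\
From: "PayPal" <service@paypal.example.invalid>
To: user@example.com
Subject: Your account access has been limited
Content-Type: text/html; charset=utf-8

<p>Dear customer,</p>
<p>Your account was limited. Confirm immediately:</p>
<a href="http://paypal.com.account-check.example/login">https://www.paypal.com/</a>
"""

class LinkCollector(HTMLParser):  # gathers the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_paypal_url(url):
    """True only for https URLs whose host is paypal.com or a subdomain of it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return parts.scheme == "https" and (host == "paypal.com" or host.endswith(".paypal.com"))

def check_mail(raw):
    """Return which of the article's warning signs the raw message shows."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    lowered, to, findings = text.lower(), str(msg.get("To", "")).lower(), []
    if "dear customer" in lowered or (to and "hello " + to in lowered):
        findings.append("generic greeting")
    if any(w in lowered for w in ("immediately", "asap", "you have won")):
        findings.append("urgency or prize wording")
    collector = LinkCollector()
    collector.feed(text)
    bad = [u for u in collector.hrefs if not is_paypal_url(u)]
    if bad:
        findings.append("link not on https paypal.com: " + ", ".join(bad))
    if next(msg.iter_attachments(), None) is not None:
        findings.append("has attachment")
    return findings

print(check_mail(SAMPLE))
```

Note that the check looks at the link target (`href`), not the text shown to the reader: in the sample the visible text reads https://www.paypal.com/ while the target is a different host, which is exactly the case the link pointer warns about.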


EMEA & APAC Content Manager @ Norton & Avira | Gamer. Geek. Tech addict.