With another PayPal email scam making the news, let’s talk about how to tell if the email is legitimate.
When it comes to criminals impersonating companies, PayPal has got to be near the top of the list. The payment service is regularly spoofed in emails, has its website spoofed and gets its name dragged into all manner of malfeasance by ne’er-do-wells the world over.
Part of that is owed to PayPal’s ubiquity. No matter where you live, chances are you’ve heard of PayPal.
So, it should come as no surprise that once again, PayPal is in the news as cybercriminals send spoof emails aimed at infecting computers with Trickbot malware.
As first reported by My Online Security, people should be on the lookout for an email claiming to originate from Service@PayPal.com, with the subject line “PayPal account warning.” The email includes an infected Word document, posing as a Data Verification Form, which delivers the Trickbot banking trojan.
The email actually originates from a lookalike domain, firstname.lastname@example.org, that can potentially be mistaken for the genuine article. Here’s a screenshot of the email.
Now, if we’re being honest, this is a bad spoof email. Hopefully, anyone with a discerning eye could take one look at this and figure out pretty quickly that it was fake.
For starters, the actual email address doesn’t match the address shown as the sender. Beyond that, there is no header and no footer, the line breaks are odd and the English is unnatural. To their credit, though, they did at least list the correct address for PayPal’s San Jose headquarters.
Obviously, it goes without saying that if you get an email like this, you shouldn’t open it.
But what if the email looked a little more convincing? What if this was a passable imitation? How can you tell if PayPal really sent an email? Here’s how…
How to tell if an Email really came from PayPal
Straight from PayPal itself, here’s how to identify a real PayPal email:
- An Email from PayPal will always come from paypal.com. As you can see in the example above, it’s easy to fake the friendly name, but the full address can’t be spoofed. So regardless of what the friendly name may say, always check the address that the email was sent from. If it originates from any domain other than PayPal.com, it’s not authentic.
- An Email from PayPal will always address you by your first and last name, or your business name. Going back to the earlier example again, “Greetings, Dear Client” is definitely not something PayPal would say. In fact, I’m pretty sure you’d have to go back to Charles Dickens’ England to hear anyone say that in polite conversation.
That being said, PayPal will NEVER:
- Send an email asking you to confirm or supply sensitive information such as a password, banking information or debit/credit card data.
- Send an email containing any attachments.
- Send an email asking you to download or install software.
Here’s a good rule of thumb: if you’re unsure whether an email is actually from PayPal, go to the PayPal website and log in. If PayPal really was trying to communicate with you, chances are you’ll see something when you log in. If not, just disregard the email.
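The checklist above can also be applied mechanically to a raw message. The following Python sketch is an added example, not code from PayPal or My Online Security; the function name `paypal_checks`, the finding labels, the keyword list and the sample sender domain are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the lure above; the sender domain is a placeholder.
SAMPLE = '''From: "Service@PayPal.com" <service@paypal-alerts.example>
Subject: PayPal account warning
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Greetings, Dear Client. Confirm your password using the attached form.
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="Data Verification Form.doc"

placeholder
--b1--
'''

# Assumed phrases standing in for "sensitive information" requests.
SENSITIVE = re.compile(r"\b(password|card number|bank account)\b", re.I)

def paypal_checks(raw, account_name):
    """Return the list of checklist items the message fails."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Subdomains are accepted as an assumption; "notpaypal.com" must not pass.
    from_paypal = domain == "paypal.com" or domain.endswith(".paypal.com")
    findings = []
    if not from_paypal:
        findings.append("sender-domain")
        if "paypal" in display.lower():
            findings.append("friendly-name-mismatch")
    body, has_attachment = "", False
    for part in msg.walk():
        if part.get_filename():
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode(errors="replace")
    if account_name.lower() not in body.lower():
        findings.append("generic-greeting")
    if SENSITIVE.search(body):
        findings.append("asks-for-sensitive-data")
    if has_attachment:
        findings.append("attachment")
    return findings
```

An empty result only means none of these checks fired. The function reads the From header as given and does not evaluate SPF, DKIM or DMARC results.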