I first started using PayPal along with eBay over a decade ago and found that the combination of online payment with shopping was convenient, fast and secure. There’s only one problem with online payment systems, they are a constant target of hackers trying to steal our identity and money. A phishing scheme is something that looks on the surface like a legitimate request from a trusted vendor, like PayPal, but in fact it is really a disguise for the bad guys trying to gain your username and password. Just this morning I received the following official-looking email:
The logo is an official PayPal logo, but then again anyone can copy and reuse a corporate logo and insert it into an email. Taking a closer look by clicking on the From field in the email I noticed right away that this wasn’t a legitimate message from PayPal:
PayPal doesn’t use an email address of email@example.com, ever. They would use something like firstname.lastname@example.org. PayPal does recommend that when you receive a suspicious email to simply forward it to them at email@example.com.
PayPal does know my real email address, so that should appear in the To field, but in this phishing email it doesn’t:
See how this fake email is using the same address in both the To and From fields? That’s another give away that this is not a legitimate email message.
The final proof of this malicious email is in the big blue button for: Check it Here. By just hovering my mouse over that button I can tell where it links to, and that shows the bogus address:
Certainly PayPal doesn’t use web addresses like www.uptownpaint.com to ask for my login credentials.
Be very hesitant to reveal your username and password for any online account, unless you are 100% certain that it is legitimate. By just checking the email fields like To and From, or the action Button you will protect yourself from a phishing scam trying to steal your identity.