20 April 2008
A few days ago, I got a fraudulent email purporting to be from PayPal, which was surprisingly convincing.
The email’s most credible feature was its timing, which coincided with a recent PayPal transaction of mine.
Here’s why I was almost caught out:
- The message was addressed to me, Ian Saxon, not “Valued Customer”
- The email appeared to come from a legitimate PayPal email address (firstname.lastname@example.org)
- The contents were mostly well written. I noticed only four spelling and grammatical mistakes.
- I used PayPal recently, making it plausible that the company would want to check that the transaction was legitimate
…But not quite
The email was certainly not legitimate. Here’s how I knew:
- There were spelling and grammatical errors. Don’t kid yourself – the real PayPal has proofreaders
- The email asked me to send photocopies of sensitive stuff (passport, driver’s licence, bank statement)
- I was asked to respond to email@example.com, which doesn’t have the usual @paypal.com suffix
- A quick Google search of a section of text in the email yielded warnings of PayPal scams
The most convincing piece of evidence against the veracity of the email was #4, the Google search. Take a look at the results:
To get this, I simply highlighted a portion of the email message (“PayPal is constantly working to ensure security by regularly screening the”), pasted it into Google’s search bar, and hit Search. It works just as well with or without quotes. As you can see, every result was a warning about this scam.
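Two of the red flags above, the reply address outside @paypal.com and the request for identity documents, can also be checked mechanically. The following is an added example, not part of the original post: the sample message, its `paypal-review.example` domain and the function names are constructed for illustration, and it assumes the reply address appears either in a `Reply-To` header or in the message body.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not the real scam email); addresses are placeholders.
SAMPLE = """\
From: PayPal Security <service@paypal.com>
Reply-To: verify@paypal-review.example
To: Example Customer <customer@example.net>
Subject: Please confirm your recent transaction

Dear Example Customer,

PayPal is constantly working to ensure security. Please send a photocopy of
your passport and a bank statement to documents@paypal-review.example.
"""

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SENSITIVE = ("passport", "licence", "license", "bank statement")


def domain(addr):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return addr.rpartition("@")[2].lower().rstrip(".")


def same_org(dom, expected):
    """True if dom is the expected domain or a subdomain of it."""
    return dom == expected or dom.endswith("." + expected)


def check_message(raw, expected="paypal.com"):
    """Return warnings for the red flags listed in the post."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # plain-text, single-part message assumed
    warnings = []
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and not same_org(domain(reply_to), expected):
        warnings.append("reply-to outside %s: %s" % (expected, reply_to))
    for addr in sorted(set(ADDR_RE.findall(body))):
        if not same_org(domain(addr), expected):
            warnings.append("body address outside %s: %s" % (expected, addr))
    asked = [w for w in SENSITIVE if w in body.lower()]
    if asked:
        warnings.append("requests sensitive documents: " + ", ".join(asked))
    return warnings
```

The `From` header is deliberately not trusted here: as in the email described above, it can show a legitimate-looking address while replies go elsewhere.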