A convincing con

20 April 2008

PayPal fraudulent email

A few days ago, I got a fraudulent email purporting to be from PayPal, which was surprisingly convincing.

The email’s most credible feature was its timing, which coincided with a recent PayPal transaction of mine.

Close…

Here’s why I was almost caught out:

  1. The message was addressed to me, Ian Saxon, not “Valued Customer”
  2. The email appeared to come from a legitimate PayPal email address (service@paypal.com)
  3. The contents were mostly well written. I noticed only four spelling and grammatical mistakes.
  4. I used PayPal recently, making it plausible that the company would want to check that the transaction was legitimate

…But not quite

The email was certainly not legitimate. Here’s how I knew:

  1. There were spelling and grammatical errors. Don’t kid yourself – the real PayPal has proof readers
  2. The email asks me to send photocopies of sensitive stuff (passport, drivers licence, bank statement)
  3. I was asked to respond to security@paypalfraudchecking.com, which doesn’t have the usual @paypal.com suffix
  4. A quick Google search of a section of text in the email yielded warnings of PayPal scams

The most convincing of the evidence against the veracity of the email was #4. Take a look at the results:

Email from my bank after I changed my password

To get this, I simply highlighted a portion of the email message (“PayPal is constantly working to ensure security by regularly screening the”), pasted it into Google’s search bar, and hit Search. It works just as well with or without quotes. As you can see, every result was a warning about this scam.

Read more about phishing

1 Comment »

  1. Pingback by A convincing con | Conning Us — 20 April 2008 @ 2:06 pm

    […] See the rest here: A convincing con […]

RSS feed for comments on this post. TrackBack URI

Leave a comment