Help combat fraud by forwarding any suspicious email to email@example.com. If you see anything that looks out of the ordinary, including suspicious-looking emails and websites, tell them and they will investigate. Suspicious emails can be in the form of phishing, which is an illegal attempt to "fish" for your private, sensitive data.
One of the most common phishing scams involves sending an email that fraudulently claims to be from a well-known company like PayPal. If you believe you have received a phishing email, you should:
- Forward the entire email to firstname.lastname@example.org.
- Do not alter the subject line or forward the message as an attachment.
- Delete the suspicious email from your inbox.
PayPal will look into it and email you a response to let you know if it is indeed fraudulent. In the meantime, don’t click any links or download any attachments within the suspicious email.
The phishing emails often lead you to fake or spoof websites in an attempt to steal your private, sensitive data. These could look very unusual and not fit with what you expect an authentic, credible company would do.
The email may sometimes appear genuine, but ends up having a suspicious URL in the web address bar. If you believe you landed on a spoof website, do not enter any information.
To stop these criminal activities online, all you need to do is copy the website address and then paste it into an email message. Send the email to email@example.com. With this simple action, you will help in keeping our entire web community safe.
Spam can be more than just annoying. It may contain suspicious content. Check with your service provider to find out whether it supports reporting spam by simply forwarding the message to a certain number.
What is phishing?
Phishing is an attempt to steal your information. Criminals pretend to be a legitimate business to get you to disclose sensitive personal information, such as credit and debit card numbers, bank information, account passwords, or Social Security numbers.
One of the most common phishing scams involves sending an email that pretends to be from a well-known company. However, it can also be carried out in person, over the phone, via malicious pop-up windows, and through spoof or fake websites.
How phishing works
- A criminal sends emails to people that appear to be from a well-known company. A common tactic involves a made-up story designed to lure you into clicking on a link or calling a phone number.
- The phishing email may ask you to fill out a form, or click on a link or button that takes you to a fraudulent website.
- The fraudulent website mimics the company referenced in the email, and aims to trick you into volunteering sensitive, personal data.
In essence, you think you’re giving your information to a trusted company when, in fact, you’re giving it to a criminal. Note that phishing emails can also lure you to open suspicious attachments or visit websites that can infect your computer with malicious software or malware.
Phishing scams almost always imitate a well-known company, complete with company logos, official-looking email templates, or scripts that are similar to genuine communications, but there are a number of hints that can help you tell the difference.
- An account related email will always address you by your first and last name or business name as it appears on your account. For example, if you signed up as JOHN SMITH (all caps), emails will be addressed to JOHN SMITH, not John Smith, john smith, some other variation, or customer.
- Spelling and Grammar: Are there mistakes or odd wording?
- Closely examine links: hover your mouse over the link. Does the link in the email match what appears when the mouse is hovered over it? If not, don’t trust it!
- Attachments. Were you expecting an attachment from PayPal? Do the file name and extension match what you were expecting? If not, don’t click!
- Threats or a sense of urgency. Scammers may claim that your account has been breached and will be closed unless immediate action is taken. Anything of true importance can be verified by opening a new browser window and logging directly into your account at www.paypal.com.
If you’re not sure whether a PayPal email is legitimate or not, here is what you do – don’t click on any link in the email. Instead, go to PayPal.com and log in. If there is any urgent message for you, you will see it here. Here are some examples of fake emails:
You receive an email stating: “Your order #ZK04769 is confirmed for shipment tomorrow. Please click here to review the shipping details.” But you never placed an order, so you click on the link and log in to see what it is. Only later do you realize that the link took you to a bogus website.
You receive an email stating: “We have noticed suspicious activity on your account. Please click here to review your recent transactions.” Once again, the link takes you to a page that looks correct but is really a bogus link.
“We would like to offer you a special $50 coupon for being such a good customer. This offer is limited to the first 100 people so click here immediately to claim your reward.” Instead of a reward, you are directed to a fake website where you might give up your account ID and password which the scammers can then use to spend from your account.
Further reading: https://www.paypal.com/us/webapps/mpp/security/report-problem
What is smishing?
Phishing can come through your phone via voice or SMS. Smishing is when a scammer sends an SMS message to your phone number with a bogus phone number or URL. The message is usually urgent like:
“Your PayPal account has been suspended due to suspicious activity. Please contact us immediately at 1-408-123-4567. It is imperative that we speak to you immediately.”
“PayPal: You spent $1293.17 USD at The Home Depot. If you did not make this transaction please call us immediately at 1-408-123-4567. Thank You.”
If you call the number, you’re confirming that you have a PayPal account. You’ll be talking to a fraudster who will ask for your account information so he can steal from your account.
Similarly, a URL link in a text message on a smartphone could be bogus.
“PayPal: You spent $1293.17 USD at The Home Depot. If you did not make this transaction please login at paypal.mobileservice2013.com/txn?id=178948 to stop this transaction. Thank You.”
What is vishing?
Fraudsters sometimes use an automated system to make voice calls, reporting urgent account problems and asking for account information. This is called Vishing. Here’s an example of what a vishing call might sound like:
“This is PayPal calling about a possible fraudulent transaction on your account. Please enter your PIN now to hear the transaction details. We need your immediate response to block this transaction.”
When users enter their PIN or password, scammers get vital information to access the account. So never provide any account information unless you initiated the phone call.
Caller ID can’t be trusted. Even if the Caller ID says “PayPal,” it’s not enough for you to trust the call. Scammers can easily fake a Caller ID, and it’s impossible to be sure the call is coming from where it says it is.
Sometimes automated calls will ask you to call back. They leave a number or make it simple to click-call from your smartphone. Don’t call these numbers. If you need to contact us, visit the Contact Us link on any PayPal page for the real phone number.
Note the bogus URL in the text message example above. You should be suspicious of text messages containing links. If you are ever in doubt about the validity of a link, manually type www.PayPal.com into your browser to log in.
If you come across a suspicious link or website, tell us. Just copy and paste the site’s URL into an email message and send it to firstname.lastname@example.org. Our security experts will investigate, and if it’s a bad website, we will get it shut down. Reporting a suspicious link helps protect yourself and other people too.
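The "closely examine links" hint and the bogus text-message URL above can both be checked mechanically. The following is an added example, not PayPal's code or part of the original page: it compares each link's real target with the text shown to the reader and flags hosts that merely contain the brand name. The trusted domain, the function names and the sample message body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # assumption: the only domain treated as genuine
# Constructed sample body; the first href is the bogus URL quoted on this page.
SAMPLE = ('<a href="http://paypal.mobileservice2013.com/txn?id=178948">'
          'www.paypal.com</a> <a href="https://www.paypal.com/signin">Log in</a>')

def host_of(text):
    """Hostname in a URL-like string, or None for ordinary words."""
    text = (text or "").strip()
    url = text if "://" in text else "http://" + text
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host if "." in host and " " not in text else None

def is_trusted(host):  # exact domain or a true subdomain, never a substring
    return host == TRUSTED or host.endswith("." + TRUSTED)

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def audit(html):
    """Return (href, reasons) for each link that deserves suspicion."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        reasons = []
        if not (target and is_trusted(target)):
            reasons.append("target is not on " + TRUSTED)
            if target and "paypal" in target:
                reasons.append("brand name inside another domain")
        if shown and shown != target:
            reasons.append("visible text names a different host")
        if reasons:
            findings.append((href, reasons))
    return findings
```

Calling audit(SAMPLE) reports only the first link: the host is read from right to left, so paypal.mobileservice2013.com belongs to mobileservice2013.com, not to paypal.com.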
If you fall for phishing, vishing, or smishing
There are plenty of clever scam attempts, and new ones are being created all the time. So, despite your best intentions, it could still happen. If you think you may have fallen for a scam, here are some steps to protect yourself:
- Run an anti-virus scan on your system to make sure that you didn’t pick up a virus. Make sure that your system and anti-virus software are up to date.
- Change your account password, PIN, and security questions immediately. Do this for your PayPal account, email account, and other online accounts.
- Check your online account statement vigilantly over the next few weeks (and months) for unexpected actions.