“You sent a payment of…” Have you received this email from PayPal for an eBay purchase you didn’t make? I did. And it stopped me for a few minutes because I don’t shop on Ebay. And I typically don’t send money via PayPal. Normally, I would mark the PayPal eBay email as spam and trash it immediately. But, there were enough things about this one to make me curious.
A close look at the PayPal eBay email
- The email had the correct PayPal logo and a generally professional appearance. However, the real tipoff was the spelling in the salutation—Dear Costumer. Unless I’m mistaken, this isn’t Halloween and I’m not attending a masquerade ball.
- The return address was faked perfectly. On the email I received, it was impossible to tell it wasn’t from PayPal without looking at the message source.
- Supposedly, I purchased an Officiel Samsung Gear VR Oculus something-or-other for $185.00. The sender should have checked his math because the total was listed at $152.00.
Why the PayPal eBay email is dangerous
The email includes an invoice number along with a link to cancel the payment. Instinctively, many people might be tempted to click the “cancel payment” link. Taking this action, however, is exactly what the scammers want recipients to do. The website for the link in the email I received is now blacklisted, but it has likely already been replaced by a new URL.
Two lessons to take away
Phishing emails all follow the same pattern, provide some sort of bait, entice the recipient to click a link, then steal information on a bogus website. So, while the spammers’ tactics change, the intent does not. It also means the same two solutions will not fail you.
- Be skeptical of all email you’re not expecting. Whether it’s from PayPal, eBay, or a good friend, if you weren’t expecting the email, check it out very closely before you trust.
- Never click a link in an email you can’t trust completely.
The rules are simple, but they will keep you safe from these kinds of scams.