Heads up: PayPal email scam

by Cinda Baxter on September 6, 2012

in Real World, Web

Nearly everyone has a PayPal account, for business and/or personal use. Today, (yet another) scam email landed in my inbox, but this one took a new approach.

This one tricks you into being a good Samaritan. 

Here’s what landed in my inbox:

My reaction: “Huh? I don’t recall an automatic payment coming up.”

So I read the message:

First reaction: “Huh? I paid my VPN service a few months ago, for the entire year.”

Next reaction: “Hang on—that’s not my bank.”

Conclusion: Someone else’s alert ended up in my inbox. Better let PayPal know.

That’s what the scammer is betting on. By providing a handy “Do you confirm this payment” clickable link, they make it easy for well-meaning folks sweep in and save the day, either by denying payment or contacting PayPal about the mis-routed message.


Thankfully, I don’t click email links. Instead, I manually went to the PayPal website, which is when red flags began to appear. You see…I don’t have a PayPal account connected to that email address. Still, not wanting to leave someone else in the lurch, I tried logging into PayPal with this address, using the “Forgot my password” option, in case there was some ages-old account lurking in my past.

Sure ’nuff. No account found. Confirmation this was a scam.

Back to the inbox.

Upon closer inspection, I found a couple of clues that should have tipped me off, had my better side not leapt into “Do unto others” mode.

See that little period at the beginning of the Subject line? PayPal wouldn’t let that kind of typo slide–especially on an automated message that goes out thousands of times daily.

Next, I looked at the message header itself. An even more obvious red flag stood out:

At first glance, it looks good, but…. The domain ends with .co, not .com.


(Sure, the weird dangling m> seems obvious now, but how often do you actually read the “From” address letter for letter? Especially one that normally appears in your inbox?)

For years, I’ve been telling folks to only click email links sent by trusted sources. Lately, my advice has changed—never click links from anyone you have an account with (banks, credit cards, PayPal, Google Checkout, airlines, hotels, electric companies, cable companies, etc.). If you own something of value that the sender oversees—financial, points, credits of any kind—it’s worth the effort to open a new browser window, manually visit their site, and confirm the request is valid.

Otherwise, you might be the one who needs saving.

Nigel Gordijk September 6, 2012 at 9:19 am

Another clue is the email addresses the recipient as “Dear Member”. Web-based services that rely on some level of security – e.g. PayPal, banks, shopping sites – always use the person’s real name. A generic greeting is the first red flag I always look for.

Elizabeth Pickett September 6, 2012 at 10:01 am

Thanks so much for the share The amount of scamming going on out there is amazing!


Jon September 6, 2012 at 10:15 am

Especially with any financial institution, your #1 tipoff should always be a generic greeting “dear paypal user” “dear member” “dear client” etc. Financial institutions have your name and most (if not all) use it in the greeting whenever they send emails. Not a sure-fire way to confirm validity (as phishers may have your name as well), but a quick way to easily spot a scam.

Steven Williams September 6, 2012 at 10:54 am

Thanks for the heads up Cinda!

Mical Dunlop September 6, 2012 at 11:01 am

I appreciate you staying on top of this type of scam, it seems so unfair these days to work so hard for money, only to have some moron wrest it away from you….I also NEVER click on any links, most times I delete them…..if they are serious enough, they will get in touch with you legitimately…

Editor’s note: Unrelated content removed…Mical, please refer to the numerous email responses I’ve sent regarding your request.

Lee Robirds September 7, 2012 at 7:02 am

This happened to me several weeks ago. Received a notice from PayPal to confirm a payment of over $1000. Thinking my daughter might have used my account to purchase something, I almost followed through. But something just didn’t “feel right”, so I used a different computer to verify with PayPal before confirming. Then it hit me ~ the email came in on my work email account, not my personal account that PayPal is connected to. Sneaky!

elli September 22, 2012 at 7:55 pm

was alerted to your page by Lisa of TenTwoStudios .. Thank you both !! I got one of those msgs … BUT got busy and never got back to it … talk about luck !!!

Leave a Comment

Previous post:

Next post: