Fake messages are designed to trick you into revealing personal information, such as your login details for a website. It might be PayPal, but it could be an eBay, iTunes, Google, or Microsoft login. It is called phishing.
Once the sender of the email has your login details they can empty PayPal and bank accounts of money, buy goods, send emails and much more. The consequences can be serious and you need to take care not to be tricked by these messages.
The fact that messages like the ones shown below are still being used must mean that they are still working for scammers.
Beware: No name and bad English
Take a close look at the following email. It is typical of the sort of message you might see in your inbox.
The greeting is ‘Hello PayPal User’. This is a dead giveaway. Fake emails do not contain your name, but real emails are addressed directly to you.
Look for bad English. The word ‘informations’ is wrong and it is wrong not only in the title, but also several times in the text. There are other mistakes in the text too.
We all make typing slips when writing emails, but a message from a company like PayPal will have been checked by several people to ensure that it is correct. Bad English means the message is fake.
Wrong links raise suspicions
Buttons and links in a fake email use strange URLs that immediately raise suspicions. Let the mouse hover over a button or link, but do not click it. If you are using a browser, in the bottom left corner of the window is the URL.
If the URL displayed is not one you recognise, the email is a phishing scam. Some real emails use strange URLs, so it takes a bit of experience to spot a fake. A bit,ly shortened link is suspicious, so are strange domains.
Report phishing scams
You might be able to mark or report phishing emails and the features depend on the email system that is being used.
If you are using Outlook.com for example, click the arrow to the right of Reply and select Phishing scam on the menu.
Check who sent the email
This feature depends on the email provider, but Outlook.com and Gmail are similar. Mouse over the sender and a card is displayed containing more information, such as the sender’s email address.
If the sender is not who you expect, be very suspicious. It is not PayPal in this email.
Dear user - they don't know your name!
Here is another email that is supposedly from PayPal. It begins with ‘Dear PayPal user’, so it is clearly not a real email because the real PayPal always includes my name.
The English is correct and it reads like a real message. Perhaps it was copied from a real PayPal email.
Letting the mouse hover over the link displayed a bit.ly disguised link in the bottom left corner of the browser. Disguised and shortened links are not used in real emails.
Although the examples used here are about PayPal, you could get fake messages pretending to be from a wide range of companies. Use the same techniques to tell whether they are real or not.