I just used PayPal to make a payment to someone. I have used PayPal to do this before, but I have never signed up for an account there; I simply used the person’s PayPal link button and entered my card info.
I got an automated e-mail saying “You added a new email address to your PayPal account, but you’re not done yet. Take a minute to confirm this address so we know it belongs to you.”
This has me a bit concerned, especially since I never got an e-mail like this during any of the previously mentioned uses (what makes this odder is that the payment confirmation e-mail seems to tacitly acknowledge that I don’t have an account by suggesting I sign up for one). Does this mean someone opened an account in my name? Is this an indication of some kind of fraud? How can I find out either way?
Try hovering your mouse over the links in the email - especially the main one they want you to click on. The address should appear at the bottom of your browser. It should begin with https://www.paypal.com/ or something like that. Otherwise it is a “phishing” scam.
No, that’s not it; the mail came right at the same time as I made the Paypal payment (and the links did check out anyway, as did the buy now button I used, and I’ve dealt with this person twice already with no problems), so the two acts are directly connected.
Just to be sure, forward it to spoof@paypal.com. They’ll let you know if it’s legit or not. I wouldn’t do anything with it for now, especially since the payment seems to have gone through (assuming it has?).
(Oh and be sure to forward it, don’t copy/paste it.)
So I did that, and I got an e-mail back three minutes later saying that it was a phishing attempt, but that leaves unanswered questions, like how the e-mail just happened to get to me two seconds before I got my payment confirmation with PayPal, and how none of the links (confirmed by cutting and pasting) go anywhere besides https://www.paypal.com (and my browser history also confirms that my PayPal payment was made through the same URL, so I’m fairly sure by now that I made a payment through the “real” PayPal).
I’m still suspicious that there’s an account out there with my name on it (at the least; I don’t know whether it’s in any way further connected to me, or if it’s just someone with my name).
IIRC that’s a normal PP question when making payments especially if you do not have a fully activated PP account. If it only took 3 minutes to get a “that was phishing” reply I would think the response is automated and possibly a false positive if it’s database is not up to date. I would call paypal and talk with a rep. re the origin of the message.