Unusually competent phishing attempt (PayPal)

As I’m sure is true of most of you, I get multiple phishing/scam emails per day, most of them laughably crude that end up in the spam folder.

This one was pretty good and made it past gmail’s filter. The return address was “service@paypal.com” with no obvious altered characters and the language is colloquial American English. Of course, when I went to my PayPal account (accessed through Chrome, not from the email) there was no such charge on my account.

The giveaways that this is bogus:

It’s addressed to “PayPal User” even though the fine print at the bottom of the message says helpfully: “Emails from PayPal will always contain your full name.” :sweat_smile:

The message says I’d better do something about this RIGHT AWAY otherwise they will charge me even though they know it is fraudulent.

Anyhow, I’m sure no one on this Board would be taken in but if you have less wary friends/relatives you might urge them to increase their vigilance.


If you hover over the sender’s name, does it still show a PayPal.com email address ?

See step #1:

If you hover over the sender’s name, does it still show a PayPal.com email address ?

Yes, it still shows “service@paypal.com”. If I then click to open the “contact details” window, it still just shows “service@paypal.com”.

Like I said, these guys are unusually competent.

Wow. I’ve definitely never seen that one before.

You may want to forward that email, along with full headers, to phishing@paypal.com.

“Billing Department of PayPal”

A claim the account was accessed fraudulently yet leaving open that you did make the transaction.
Telling you to log in for a refund even though the 600.00 hasn’t been charged.
Since when does a transaction take 24 hours to show up?

The 888 number is not PayPal.

@Mangetout (Atomic Shrimp) breaks down how to recognize phishing emails.

I note several things that seem not quite right:

  • “$600.00 USD” should be $US 600.00, or 600.00 USD.
  • If an account is known to have been used fraudulently, there’s no need for a phone call.
  • No refund is applicable when a bogus transaction is detected & cancelled.
  • Parens around service hours are uncalled for.

The writing is a bit weird in places:
‘Billing Department of PayPal’
‘Within the automated deduction of the amount this transaction will reflect on PayPal activity’ - is not something PayPal would write.

Yep. $600 USD = 600 square dollars. Common scammer error.

Or anyone that speaks English.

Certainly not any company that probably has an entire department of people dedicated to the task of corporate messaging.

This, I think, is the thing that people need to learn to be alert about. Instructions in emails to click a thing are not to be trusted, especially if they say they are urgent, or threaten some dire outcome.

Trust should only be granted at the end of a process of rigorous and harsh scrutiny.

If you forward the email (but don’t actually send it), is the sender’s email still showing as service@paypal.com?

That is one of my standard tests.

Le sigh. I never get emails like this, nor do I get telemarketers ringing me from Bumfuckistan or elsewhere! I feel so, well, alienated. Am I not worthy of being scammed? Fuck’s sake.

Most large organisations employ DKIM and SPF on their mail servers, which are fairly effective at preventing people from spoofing the ‘from’ address in an email, but the problem with these technologies is that they are optional - so in the case of the PayPal thing:

Your mail server receives a message that claims to originate from paypal . com - the receiving server can check DKIM and SPF, and, based on that information, establish that the message did indeed originate from an official source, however…

If the domain does not have DKIM and SPF set up, there is nothing to check, and your mail server may simply receive the message at face value.

But PayPal definitely has these measures in place, so it is not possible to spoof the originating domain - however, what spammers sometimes do is to replace one or more of the characters in the domain name in the From address with something that looks similar, for example an uppercase i looks like a lower case L; a Cyrillic or Greek letter (equivalent to R) looks like a roman letter P.

If the From address is actually (for example) service@paypai.com, your mail server will query the DKIM/SPF for ‘paypai’ not ‘paypaL’ - and if that domain doesn’t exist, or has nothing set up, the assumption is that the message is OK.

In a nutshell, the problem is that the security model is ‘trust unless proven false’, because it was added onto a system that still needed to continue working without the security. A better model would have been ‘deny trust until proven true’, but that would break email overnight, until everyone configured their setup.

Thanks – I reported it as phishing to gmail as well.

Well, while the syntax is odd, it’s at least as coherent as the average post on my local NextDoor.

Yes, here’s a snip of the address:

Yeah, I subscribe to your channel (thank you :wink:). The “l” (lower case L) might really be an “I” (upper case i) but I don’t know how to tell from looking at the headers.

I’ve gotten quite a few of these. I knew immediately that they were bogus because they come to my junk email address that I NEVER use with PayPal (or indeed with any financial transactions).

I forward them to “spoof@paypal.com.” I suggest others do that, too.

I didn’t read every word of the thread. Apologies if someone else already suggested this.

Copy it and paste into Word or some other software with tools to convert to upper case.

Duh. Thank you! The characters all convert as authentic (i.e. “l” → “L”)
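The two checks discussed in this thread, Mangetout’s point that SPF/DKIM are only evaluated for whatever domain actually appears in the From address (so a lookalike domain with nothing set up sails through), and the “paste it and convert to upper case” trick for spotting a capital i posing as a lowercase L, can both be done from the raw headers. The script below is an added example, not code from anyone in the thread; the three messages and their Authentication-Results lines are constructed for illustration, and the expected domain `paypal.com` is passed in as an assumption rather than looked up anywhere.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). Only the headers matter here.
GENUINE = (
    "From: PayPal <service@paypal.com>\n"
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=paypal.com; "
    "dkim=pass header.d=paypal.com\n"
    "\nbody\n"
)
# Lowercase L replaced by an uppercase i; no SPF/DKIM records exist for that domain,
# so the receiving server reports "none" rather than "fail".
CAPITAL_I = (
    "From: PayPal <service@paypaI.com>\n"
    "Authentication-Results: mx.example.net; spf=none; dkim=none\n"
    "\nbody\n"
)
# Latin "a" replaced by Cyrillic small a (U+0430). The attacker controls that domain,
# so SPF and DKIM can even pass: they vouch for the lookalike, not for paypal.com.
CYRILLIC_A = (
    "From: PayPal <service@p\u0430ypal.com>\n"
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=p\u0430ypal.com; "
    "dkim=pass header.d=p\u0430ypal.com\n"
    "\nbody\n"
)


def from_domain(raw_message: str) -> str:
    """Return the domain part of the From header's address."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2]


def uppercased(domain: str) -> str:
    """The thread's trick: a real lowercase L becomes 'L', a capital i stays 'I'."""
    return domain.upper()


def non_ascii_letters(domain: str) -> list:
    """Characters outside ASCII in a domain that should be plain ASCII, with their Unicode names."""
    return [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in domain if ord(ch) > 127]


def punycode(domain: str) -> str:
    """The form a non-ASCII domain takes on the wire (xn--...), which is what DNS is queried for."""
    return domain.encode("idna").decode("ascii")


def auth_results(raw_message: str) -> dict:
    """Pull spf/dkim verdicts and the DKIM signing domain out of Authentication-Results."""
    hdr = message_from_string(raw_message).get("Authentication-Results", "")
    spf = re.search(r"\bspf=(\w+)", hdr)
    dkim = re.search(r"\bdkim=(\w+)", hdr)
    signer = re.search(r"header\.d=([^\s;]+)", hdr)
    return {
        "spf": spf.group(1) if spf else None,
        "dkim": dkim.group(1) if dkim else None,
        "dkim_domain": signer.group(1) if signer else None,
    }


def assess(raw_message: str, expected_domain: str = "paypal.com") -> list:
    """List the reasons a message should not be trusted; an empty list means all checks passed."""
    domain = from_domain(raw_message)
    results = auth_results(raw_message)
    reasons = []
    if uppercased(domain) != expected_domain.upper():
        reasons.append(f"From domain {domain!r} is not {expected_domain!r} "
                       f"(uppercased: {uppercased(domain)})")
    for ch, name in non_ascii_letters(domain):
        reasons.append(f"non-ASCII character {ch!r} ({name}) in From domain; "
                       f"DNS would be asked about {punycode(domain)}")
    # "none" is not a pass: it means there was nothing to check, exactly the gap the thread describes.
    if results["spf"] != "pass" or results["dkim"] != "pass":
        reasons.append(f"SPF/DKIM did not both pass (spf={results['spf']}, dkim={results['dkim']})")
    elif results["dkim_domain"] and results["dkim_domain"].lower() != domain.lower():
        reasons.append("DKIM signature is for a different domain than the From address")
    return reasons


if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("capital I", CAPITAL_I), ("cyrillic a", CYRILLIC_A)):
        print(f"{label}: From domain {from_domain(raw)!r} -> {uppercased(from_domain(raw))}")
        for reason in assess(raw) or ["no problems found"]:
            print("   ", reason)
```

The point the third sample makes is the one Mangetout’s post ends on: a passing SPF/DKIM result only tells you the mail really came from the domain in the From header, so the check that still matters is whether that domain, read character by character, is the one you think it is.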