Phishing - Examples, Info and Anti-Phishing Tools from PayPal Canada
Your Guide to Phishing
What Is Phishing?
In short, phishing is an attempt to steal your identity. Under false pretenses, criminals try to get you to disclose sensitive personal information, such as credit card numbers, account passwords, or social insurance numbers.
One of the most common phishing scams involves sending an email that fraudulently claims to be from a popular company. However, it can also be carried out in person, over the phone, and via malicious pop-up windows and "spoof" or fake websites.
How It Works
- A criminal sends thousands, even millions, of emails to a variety of people, usually at random. These emails appear to be messages from a popular company. A common example contains a false story designed to lure you into clicking on a link or calling a phone number.
- The phishing email contains links or buttons that take you to a fraudulent website.
- The fraudulent website mimics the company referenced in the email, and aims to extract your sensitive personal information.
In essence, you think you're giving your information to a trusted company when, in fact, you're giving it to a criminal.
How to Spot a Fake Email
There are many signs of a fraudulent email.
- Sender's Address
The "From" line may include an official-looking address that mimics a genuine one.
- Generic Greetings
Be wary of impersonal greetings like "Dear User," or your email address. A legitimate PayPal email will always greet you by your first and last name.
- Typos/Poor Grammar
Emails sent by popular companies are almost always free of misspellings and grammatical errors.
- False Sense of Urgency
Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away.
- Fake Links
Check where a link is going before you click by hovering over the URL in an email, and comparing it to the URL in the browser. If it looks suspicious, don't click.
A real email from PayPal will never include an attachment. Because they can contain spyware or viruses, you should never open an attachment unless you are 100% sure it's legitimate.
How to Spot a Fake Website
Watch out for the following:
- Deceptive URLs
Some criminals will place a fake browser address bar over the real one, so it appears you're on a legitimate website. But even if a URL contains the word "PayPal," it may not be a PayPal site.
- Examples of fake PayPal addresses:
- Always log in to PayPal by opening a new browser and typing in the following: https://www.paypal.ca.
- The term "https" should precede any Web address (or URL) where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure Web session, and you should not enter your information.
- Lock icon in the wrong place
Look for the secure lock icon in the status bar at the bottom of the browser window. If you see it inside the window, close your browser because you may be on a spoof site.
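The link checks described under "Fake Links" and "Deceptive URLs" above, as an added Python example (not PayPal's code or tooling): it flags links that are not https, whose real host is not a PayPal domain even though the address contains "paypal", or whose displayed address differs from the real target. Treating only paypal.ca as trusted is an assumption, the sample email body and its .example hosts are constructed, and all function and class names are illustrative.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed trusted domain, and a constructed sample body (.example = placeholder).
TRUSTED_DOMAINS = {"paypal.ca"}
SAMPLE = ('<a href="https://www.paypal.ca/signin">Log in</a>'
          '<a href="http://www.paypal.ca.verify.example/">www.paypal.ca</a>'
          '<a href="https://paypal-secure.example/x">Update account</a>')

def host_of(value):
    """Hostname of a URL or bare address ("" if it cannot be parsed)."""
    try:
        return urlsplit(value if "://" in value else "//" + value).hostname or ""
    except ValueError:
        return ""

def is_trusted_host(host):
    """True only if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class LinkCollector(HTMLParser):  # gathers [href, visible text] per <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def suspicious_links(html_body):
    """Yield (href, [reasons]) for each link that fails a check."""
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        reasons, target, text = [], host_of(href), text.strip()
        if not href.lower().startswith("https://"):
            reasons.append("not https")
        if not is_trusted_host(target):
            reasons.append("host is not a PayPal domain")
        # Link text that looks like an address must match the real target.
        if "." in text and " " not in text and host_of(text) != target:
            reasons.append("displayed address differs from target")
        if reasons:
            yield href, reasons
```

`list(suspicious_links(SAMPLE))` reports the second and third links and leaves the genuine one unflagged.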
Legitimate PayPal Emails
Be Smart and Stay Safer
Here's a good rule to remember:
Never click on a link in an email that requests personal information.
Any time you receive an email about your PayPal account, the safest and easiest course of action is to open a new browser, type in https://www.paypal.ca, and log in to your account directly.
Information PayPal will never request in an email:
- Credit card numbers
- Bank account numbers
- Driver's license numbers
- Social insurance number
- Email addresses
- Your full name
How to Combat Scam Emails and Sites
It's important to remember that when it comes to phishing, you are in control, as long as you do not provide sensitive information, click on suspicious links, or open unknown attachments.
How to Report a Phishing Email
- Forward the entire email to firstname.lastname@example.org.
- Do not alter the subject line or forward the message as an attachment.
- Delete the suspicious email from your email account.
We'll send you an email response to let you know if the email is indeed fraudulent. In the meantime, don't click on any links or download any attachments within the suspicious email. When you report suspected fraud, you're doing your part to help protect the whole PayPal community.
Take a look at our suite of special tools designed to help keep you protected from identity thieves.
- Iconix Email Identification
Try this fast, free, and convenient way to see whether a "PayPal" email is genuine.
- Safe Password Checker
Create highly secure, random passwords using unique combinations of uppercase and lowercase letters, numbers, and symbols.
- Security Key
If you want an extra layer of protection at login, the Security Key gives you a unique code to type in along with your user name and password.
More Ways to Stay Safer
- Monitor your PayPal account
Check your account periodically for suspicious activity. If you notice any unauthorized use, report it immediately, and remember: PayPal protects you with $0 Liability for Eligible Unauthorized Transactions.
- Keep your security software current
Make sure you're using the latest version of your browser, and that your firewalls and security patches are set to update automatically.