There are many telltale signs of a fraudulent email.
- Sender's Email Address. To give you a false sense of security, the “From” line may include an official-looking email address that may actually be copied from a genuine one. The email address can easily be altered – it’s not an indication of the validity of any email communication.
- Generic Email Greeting. A typical phishing email will have a generic greeting, such as “Dear User.” Note: All PayPal emails will greet you by your first and last name.
- False Sense of Urgency. Most phishing emails try to deceive you with the threat that your account will be in jeopardy if it’s not updated right away. An email that urgently requests you to supply sensitive personal information is typically fraudulent.
- Fake Links. Many phishing emails have a link that looks valid, but sends you to a fraudulent site that may or may not have an URL different from the link. Always check where a link is going before you click. Move your mouse over the URL in the email and look at the URL in the browser. As always, if it looks suspicious, don't click it. Open a new browser window, and type https://www.paypal.com/il.
- Attachments. Similar to fake links, attachments can be used in phishing emails and are dangerous. Never click on an attachment. It could cause you to download spyware or a virus. PayPal will never email you an attachment or a software update to install on your computer.