Security

Common Email Scams

Faked Sender Email Address

Fraudsters can easily fake the “friendly name” in the sender's email address. In the following example, the email address might appear to be from “PayPal Services” but is really from spfr2013qz7@nomail.com.

From: “PayPal Services”<spfr2013qz7@nomail.com>

Some mail readers make it difficult to see the real name, but if you mouse over the friendly name or click Reply you should be able to see the full name of the sender.

Sophisticated fraudsters can fake the entire name to look like a legitimate sender, so although a correct sender address is important, it is not enough. You need to look at the entire email and to check your account. To check your account, always enter "www.paypal.com" into your browser rather than clicking on a link in an email.

Here are some common scams where fraudsters use spoofed emails:

"Your account is about to be suspended." Many fraudsters send people spoofed emails to tell them that their accounts are about to be suspended, and that they must enter their passwords in a spoofed webpage. Be careful when you receive any email like this, because this is what many phishing emails say. If you receive any suspect email, report it. This can help keep you and your family secure.

"You've been paid." Some fraudsters use spoofed emails to try to trick you into thinking that you have received a payment. The fraudster wants what you are selling for free. Log into your PayPal account and check that you were paid before you send anything.

"You have been paid too much." Fraudsters may send a spoofed email saying that you have been paid more than what you are asking for. For example, the fraudster sends you a spoofed email that says that you have been paid $500 for a camera that you listed at $300! He then asks you to send him the camera, and the extra $200 that he paid you by mistake-or maybe just $150 as a way to apologize for your extra trouble. He wants your camera and your money. Don't fall for it! Simply log into your PayPal account and check that you were paid before you send anything.

If It Sounds Too Good To Be True, It Probably Is

Advance Fee Fraud. Most of us are careful if a stranger approaches and offers a deal that is just too good to be true. But we are much less cautious online, which puts us at risk. If you get an offer for free money, there is probably a catch. Typically, fraudsters will ask you to send some smaller amount (for taxes, for legal documents, etc.) before they can send you the millions you are promised, but which they never intend to send you. This is called Advance Fee Fraud, a Nigerian Scam or a 419 Scam. “419” comes from the Nigerian Criminal Code for fraud, and many of these scams originate from Nigeria.

Verify through your PayPal Account. For example, if you receive an email that says that you have received a PayPal payment, take a moment to log in to your PayPal account before you send the merchandise. Do this to make sure that the money was really received, and that it was not just a scam email from a fraudster. And remember not to follow links in emails when you log in. The safest thing to do is to open a browser window, navigate to PayPal.com, and log in.

Be aware of telltale signs of fraud. Messages telling you that you won some fabulous prize, but that you need to pay a small handling fee to collect it, are usually scams. “High-Profit No-Risk” investments are usually scams. Messages that insist you “Act Now!” for a great deal are often scams.

Fake Charities. Scammers will use disasters to trick kind-hearted people into donating to fake charities. These scammers use human suffering to trick people when there is a refugee crisis, a terrorist attack, or a natural disaster like an earthquake, flooding or famine. Thoroughly check the background of any charity to ensure your donation is going to the real victims. Use Internet resources like http://www.charitynavigator.org, http://www.bbb.org/us/charity or http://www.charitywatch.org to vet charities. If a charity does not have a website, you should be very wary.

To learn more about common scams that you should be careful to avoid, search for material on advance-fee fraud. You can also read the FBI's material on common types of scams. But the most important thing is to simply be as cautious online as in the real world.

How to Identify Real PayPal Emails

An email from PayPal will:

  • Come from paypal.com. Scammers can easily fake the “friendly name”, but it is more difficult to fake the full name, so check the full name to be more certain. A sender name like “PayPal Service zxk1942R3@gmail.com” is not a message from PayPal. But sophisticated scammers can sometimes fake the full name, so you need to look for other clues.
  • Address you by your first and last names or your business name.
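
The friendly-name check described under "Faked Sender Email Address" and in the "Come from paypal.com" item above can be automated in a mail filter. The following is an added example, not PayPal's own code; the BRAND_DOMAINS table and all sample headers except the first are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption for this example: brand keyword -> domains allowed to use it.
BRAND_DOMAINS = {"paypal": ("paypal.com",)}

def split_from(from_header):
    """Return (friendly name, lowercase address domain) of a From: header."""
    # Some clients display curly quotes; normalise them before parsing.
    header = from_header.replace("\u201c", '"').replace("\u201d", '"')
    name, addr = parseaddr(header)
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    return name, domain

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def friendly_name_findings(from_header):
    """List brands the friendly name claims that the real address does not back up."""
    name, domain = split_from(from_header)
    if not domain:
        return ["no parseable sender address"]
    return [
        f"friendly name claims '{brand}' but address domain is '{domain}'"
        for brand, allowed in BRAND_DOMAINS.items()
        if brand in name.lower() and not domain_matches(domain, allowed)
    ]

# Sample headers: the first is the example from this page, the rest are constructed.
SAMPLES = [
    "\u201cPayPal Services\u201d<spfr2013qz7@nomail.com>",
    '"PayPal Service zxk1942R3@gmail.com" <zxk1942R3@gmail.com>',
    '"PayPal" <service@paypal.com.example.net>',  # lookalike: brand domain as a prefix
    '"PayPal" <service@paypal.com>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        # An empty result only means no mismatch; the full address can be forged too.
        print(header, "->", friendly_name_findings(header) or "no mismatch")
```

A header that passes this check is not proof of a genuine message, which is why the other clues in this section still apply.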

An email from PayPal won't:

  • Ask you for sensitive information like your password, bank account, or credit card.
  • Contain any attachments or ask you to download or install any software.

Bogus Links in Emails

If there is a link in an email, always check it before you click on it. A link could look perfectly safe, like www.paypal.com/SpecialOffers, but if you move your mouse over the link you will see the true destination of the link. If you are not certain, don’t click on the link, because just visiting a bad website could infect your machine.

If you do click on a link in an email, be sure to review the URL of the site you are at. It is easy for bad guys to clone the look of any website, so you need to check that you are on the correct website.