420 Design Blog
Avoiding those “phishing” scams
29 Aug 2007 | Angie H
Like most people, I have a PayPal account. Last week I received an email from what looked like PayPal. I actually let it sit in my inbox for a while because I couldn't decide whether to open it or not.
My gut told me it was a scam - the subject line, "Update Your Account" was a bit of a hint. (Most companies like PayPal and credit card companies won't ever ask you to update your account like that.)
Today, however, I got curious. So I opened it:
For about a split second it looked legitimate. But upon further inspection it was clear that it wasn't.
To begin with, the last time I got an actual legitimate email from PayPal (which was announcing that they're going to redesign the site) there were no images.
Then the funny figure right in front of "Your Account" was another red flag. Any large company like this would have double-, triple- and quadruple checked spelling, grammar, typos, etc.
And lastly, the "NOTE" at the bottom was rather suspicious.
Instead of deleting the email immediately though, I decided to poke around (at the risk of putting my email address in the nasty hands of spammers). So I clicked on the first link ("new Identity Protection area"):
Surprise, surprise. Two major things going on here. First, if the email had been legit, then it would have gone to a legit PayPal page. Second, take a look at the URL:
That's not a URL that belongs to PayPal.
Now, had that URL been working, it likely would have contained a page that looked like PayPal. And the page probably would have contained a form asking for your login credentials. An unsuspecting, innocent person would have then been giving their financial info to some low-life who would then proceed to use that info for their own gain.
So the lesson here is to be careful when you get emails from PayPal, your credit card companies, or any site you do business with online that holds any financial information. Most of them have pages on how to tell the difference between them and legit emails, such as this one on PayPal's site.