Looking at my SPAM filter, I notice that nearly a quarter of my emails appear to be from PayPal. Of course, these are all spoofed to appear that way.
If you get an email from PayPal, DO NOT CLICK ON ANY LINKS IN THE EMAIL!
Instead, fire up your browser of choice, and type in www.paypal.com in the address bar. Nearly all of these emails are fakes. Here’s an example of a particularly tricky one that raised alarms and almost caused a knee jerk reaction till I realized it was a fake. It played upon a simple fear.
You have added
as a new email address for your PayPal account.
If you did not authorize this change or if you need assistance with your account, please contact PayPal customer service at:
Thank you for using PayPal!
The PayPal Team
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the “Help” link in the header of any page.
PROTECT YOUR PASSWORD\
NEVER give your password to anyone and ONLY log in at
Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time you log in to your account.
PayPal Email ID PP007
This is a standard notice when adding a new email address to your PayPal account. What caught my attention is that the email address has the name brian. My brother is named Brian, so instinctually I wondered if he made a mistake with his own paypal account, adding me as an address.
But soon, I realized that this has to be a scam, simply because EVERY email I seemingly get from PayPal appears to be a scam.
Notice the URL https://www.paypal.com/row/wf/f=ap_email so helpfully included to ostensibly help you contact PayPal customer service. In my email, this was a link. When I hovered my mouse over it, it’s displays a completely different URL at some server with the IP 18.104.22.168. A quick DNS Lookup shows this is not a PayPal server.
In fact, EVERY “link” in this URL points to that IP address, even the word email@example.com which you would expect to be a mailto: link. Very sneaky.