10 Ways To Recognize Fake (Spoof) Emails

Do-It-Yourself Tech eBay & PayPal Privacy / Security

PayPal, one of the leading companies in online payment solutions, has created a very useful resource for understanding “spoof” emails. Spoof emails are most often fake emails designed to look like an authentic request for information. For example, an email stating that you need to update your bank account information by clicking on a link when, in fact, the email is not from your bank and is instead an attempt by a person to trick you into surrendering your personal financial information. As PayPal deals with this issue daily, it has compiled the following 10 ways to recognize spoof emails:

  • Generic greetings. Many spoof emails
    begin with a general greeting, such as: “Dear PayPal member.” If you do
    not see your first and last name, be suspicious and do not click on any
    links or button
  • A fake sender’s address. A spoof email may include a forged email address in the “From” field. This field is easily altered.
  • A false sense of urgency. Many spoof
    emails try to deceive you with the threat that your account is in
    jeopardy if you don’t update it ASAP. They may also state that an
    unauthorized transaction has recently occurred on your account, or
    claim PayPal is updating its accounts and needs information fast.
  • Fake links. Always check where a
    link is going before you click. Move your mouse over it and look at the
    URL in your browser or email status bar. A fraudulent link is
    dangerous. If you click on one, it could:

    • Direct you to a spoof website that tries to collect your personal data.
    • Install spyware on your system. Spyware is an application that can
      enable a hacker to monitor your actions and steal any passwords or
      credit card numbers you type online.
    • Cause you to download a virus that could disable your computer.
    • Emails that appear to be websites.
      Some emails will look like a website in order to get you to enter
      personal information. PayPal never asks for personal information in an
    • Deceptive URLs. Only enter your PayPal password on PayPal pages. These begin with https://www.paypal.com/
      • If you see an @ sign in the middle of a URL, there’s a good chance
        this is a spoof. Legitimate companies use a domain name (e.g.
      • Even if a URL contains the word “PayPal,” it may not be a PayPal
        site. Examples of deceptive URLs include: www.paypalsecure.com,
        www.paypa1.com, www.secure-paypal.com, and www.paypalnet.com.
      • Always log in to PayPal by opening a new web browser and typing in the following: https://www.paypal.com/
      • Never log in to PayPal from a link in an email
      • Misspellings and bad grammar. Spoof
        emails often contain misspellings, incorrect grammar, missing words,
        and gaps in logic. Mistakes also help fraudsters avoid spam filters.
      • Unsafe sites. The term “https”
        should always precede any website address where you enter personal
        information. The “s” stands for secure. If you don’t see “https,”
        you’re not in a secure web session, and you should not enter data.
      • Pop-up boxes. PayPal will never use a pop-up box in an email as pop-ups are not secure.
      • Attachments. Like fake links,
        attachments are frequently used in spoof emails and are dangerous.
        Never click on an attachment. It could cause you to download spyware or
        a virus. PayPal will never email you an attachment or a software update
        to install on your computer.

Leave a Reply

Your email address will not be published.