Australians might wake up to another scam attempt this week, as PayPal scammers make a grab for account details. How can you spot a phishing email?
There’s no shortage of scams or scammers, and criminals will do whatever they can to convince regular people that their emails are the real deal. These attempts at scamming you out of money and identity can be thwarted all too easily, of course, but you have to know what you’re looking for.
But if you don’t know what to look for, and if you simply click without thinking, you could also all too easily fall into a trap set by a scammer.
That’s a risk for anyone, because scammers are getting better at running scams, and email phishing attempts are becoming more convincing. The simple fact is that anyone can fall for a scam, and while you used to be able to tell a phishing email from the horrible grammar and wording scammers would use, these days it’s getting a little more difficult.
Criminals appear to have bought a dictionary, and are now spelling things properly, mimicking the real emails and creating a sense of legitimacy with their forgeries. Just look at one of the emails a reader caught recently:
It’s not a bad attempt by a scammer at all, but there’s always a dead giveaway, and it’s the same one that we’ve seen time and time again in every phishing email attempt.
What to look for in a dodgy phishing email: the sender
The most obvious way to tell that something is wrong with an email is to check who sent it, because it’s something a scammer cannot fake. Typically, they don’t try, but we have seen occasions where they do, so the logic for who sends you the scam typically goes like this:
- You’ll either receive it from a random email address, or
- You’ll receive it from an email address with similar spelling that isn’t the same
The first is the most common approach, and it’s what the Pickr reader (whose name and email we’ve blurred) ended up seeing, with a random email address.
This isn’t an official PayPal address, because scammers can’t just use that. They’d need access to PayPal’s email system to make that work, and because they don’t have a PayPal address, they can’t send it from a legitimate PayPal email address.
The other option is for scammers to use a similar website name they’ve purchased, which is often just different enough to confuse readers so they click without thinking. In that short space of time, it might be enough to convince them the site they’re at is legitimate, even if it displays all the hallmarks of a phishing site: similar site design, but a website address (URL) which looks nothing like the real thing.
So before you click on an email, check who sent it, and whether it lines up with what a real email from that company might look like. That’s not the name in front of the email, but the email address itself. Scammers can easily put whatever name they want in front of the email address, but they can’t fake the real email address. It’s just not how the internet works.
In the world of PayPal Australia, that email address is probably going to be firstname.lastname@example.org, or something else with paypal.com.au on the end of the email. Anything else is very likely a scam, and is a giant warning for you not to click on it.
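The sender check described above, sketched in Python as an added example that is not part of the original article. It judges only the address in the From header, never the display name; the sample headers and the names `TRUSTED_DOMAINS`, `BRAND`, `SAMPLES` and `classify_sender` are constructed for illustration.

```python
from email.utils import parseaddr

# Assumptions for this example: the trusted domain is the one the article names,
# and every header in SAMPLES is constructed, not taken from a real message.
TRUSTED_DOMAINS = {"paypal.com.au"}
BRAND = "paypal"

SAMPLES = [
    "PayPal <someone@paypal.com.au>",
    "PayPal Support <k3j2x@mail-relay.example>",
    "PayPal <someone@paypa1.com.au>",
    "PayPal <someone@paypal.com.au.example>",
    "Newsletter <news@shop.example>",
]


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Judge a From header by its address, ignoring the display name."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for trusted in TRUSTED_DOMAINS:
        # Exact match or a true subdomain; "paypal.com.au.example" must not pass.
        if domain == trusted or domain.endswith("." + trusted):
            return "expected-domain"
    for trusted in TRUSTED_DOMAINS:
        if BRAND in domain or edit_distance(domain, trusted) <= 2:
            return "lookalike-domain"
    if BRAND in display.lower():
        return "display-name-only"  # brand in the name, random address behind it
    return "unrelated"


if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):18} {header}")
```

The first two outcomes after `expected-domain` correspond to the article's two cases: a similar spelling that isn't the same, and a random address hiding behind a familiar name.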
What should you do if you see a PayPal scam?
If you do see a PayPal scam in Australia, or even anywhere else in the world, don’t click. Instead, consider forwarding it to an actual PayPal email address, email@example.com.
While it might seem a little on the nose, PayPal has an email address specifically for checking out phishing emails, giving its security teams something else to do, and hopefully providing a way to warn customers about the tricks scammers are trying, as well as a response to you on whether the email you received is the real deal.