Except it wasn’t from PayPal at all but instead an attempt at phishing.
The first giveaway that it may not be the real deal was that Outlook’s junk mail filter had trapped it.
The second sign was a really obvious one – a spelling mistake in the email domain. If you look closely at the screenshot, you’ll see it says [firstname.lastname@example.org]. Oops.
And the final confirmation, from PayPal themselves when I sent on the email to their fraud team:
Thanks for taking an active role by reporting suspicious-looking emails.
The email you forwarded to us is a phishing email, and our security team is working to disable it.
[…] Every email counts. By forwarding a suspicious-looking email to email@example.com, you’ve helped keep yourself and others safe from identity theft.
Whenever I receive an email like the one I got this morning that, somehow, raises my suspicions, I’ll do nothing with it other than send it on to the company it’s supposedly from if that company has a trusted means of communicating such information with them. Then I delete it.
PayPal is such a company. Another is my bank, Lloyds TSB. Here’s what I saw this morning when logging in to the online banking system:
Note the specific email address the bank has for forwarding bogus emails to.
This is just one of the means you have as a customer to report suspicions. I like Lloyds’ proactive approach. And I’m confident that if I receive any email between now and year end that is supposedly from Lloyds TSB, it definitely isn’t.
What these two examples reinforce for me is the need for constant vigilance as the crooks and scammers never let up. Whether it’s phishing emails or websites or any other device that fools you into disclosing sensitive personal information, you have to be on your guard and take some safety precautions.
Here are five simple guidelines I follow as my first lines of defence:
- Have a comprehensive protection system on your computer that embraces a firewall anti-phishing protection and anti-virus scanning of files as well as your emails and instant messenger conversations. I currently use a McAfee suite across all my PCs. (If you don’t have such protection installed, here’s the deal for you – tomorrow, November 18, you can download Zone Alarm Pro absolutely free.)
- Never, ever, click a link in an email or IM chat from anyone you don’t know or from a company even if you know them. Even when it’s someone you do know and they’ve sent you a file as an attachment, for instance, extract the file to an empty folder and run a scan on it with your protection software. If it comes up clean, only then open it.
- Anything that happens – whether it’s email or on the web – that raises your suspicions about anything, always report it. (If the company concerned has no means to do that, demand that they do. Perhaps consider a move to a competitor that makes you more confident.)
- With the increasing use of mobile devices, exercise even more care with your mobile phone as anti-phishing and other protection on mobile platforms is still pretty flimsy compared to computer systems.
- If you connect to a network via wifi – such as a public hotspot or any other casual network – use the maximum security settings that your operating system and hardware support that will minimize your exposure to anyone sniffing network traffic and having your data intercepted.
All of this is very timely to mention as today marks the start of the fourth annual Get Safe Online week in the UK, a week-long awareness-raising exercise to encourage internet users to take steps to ensure that they, and their computers, are adequately protected.
The website is a rich resource of comprehensive information that will help anyone understand better how to stay safe online.
Do you have other tips or advice? How’s your own online security looking?