This article, short as it may be, could save both your money and identity, if you are a PayPal customer.
PayPal, now an eBay-owned company, handles the payments for transactions conducted on eBay, plus those of a huge number of non-eBay customers who use PayPal to send and receive money online. In all, as of June 2011, PayPal claims 98 million active users in 190 markets and 25 currencies. You may be one of them.
If you are not a PayPal member, do not make purchases on eBay, do not send donations via PayPal Donate buttons, and make no other payments through them, you can automatically treat every email claiming to come from PayPal as spam and a probable phishing scam (most are). You won't be tempted to click a link to log in to a PayPal account you don't have!
But, if you are one of the 98 million members of PayPal, whether you use them rarely, or often, you have to allow them to send you email messages. It is not optional. This leads me into the topic at hand:
PayPal is still sending official email messages to its members, containing clickable links, and urging you to login to your account via those links.
This is exactly the behavior that phishing scammers rely on. They send official-looking copies of the very emails that companies like PayPal send to their customers, complete with clickable logos and text links urging you to log in to your PayPal account. Do so on their look-alike page and you hand over your username and password, and with them whatever money is in your PayPal balance, on the credit card linked to it, or in the bank account linked to it.
In the case of actual PayPal email messages, the most obvious distinction is that they address you by the name registered with them (e.g. Dear Joe Blow), whereas phishing scams usually open with "Dear Member." Don't rely on that alone: a scammer who has picked up your name and address from some other leak can personalize a message just as easily. The more dependable difference is in the links: real PayPal email links point to hostnames under paypal.com, like email0.paypal.com/servlet/whatever..., whereas the links in phishing emails lead to some domain other than paypal.com.
You can see the actual destination of a link in most email programs by hovering the mouse pointer over it without clicking. The host name is the part between the http:// (or https://) and the first forward slash (/); everything after that first slash is the path, and scammers routinely put paypal.com in the path to fool you. So, if the URL you see in the Status Bar looks like https://email0.paypal.com/servlet/cc6?iitgHQYRASQUV... it is an authentic PayPal link. If instead the hover link resembles http://account-verify-paypal.com/... it is a fake: the host is account-verify-paypal.com, which is NOT the same domain as paypal.com, whereas email0.paypal.com IS a sub-domain of paypal.com. Two more tricks to know about: an @ sign in the host part means everything before it is a (fake) username, so https://www.paypal.com@evil.example/ actually connects to evil.example; and a :port number after the host name is not part of the name.
Sub-domains are separated from the parent domain by a period (.), not a dash (-) nor an underscore (_), and you must read the host name from the right: the domain that owns the link is the last two labels (paypal.com), and everything to the left of them is a sub-domain that domain controls. Thus email0.paypal.com is a sub-domain of paypal.com, but email0-paypal.com is a totally different domain name, and so is www.paypal.com.evil.example, which is a sub-domain of evil.example that merely begins with the letters paypal.com.
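To make the hover check above mechanical, here is an added Python example (not from the original article, and not PayPal's code) that applies those rules to a handful of constructed sample links: it pulls out the host name the browser would really contact, reads it from the right against an assumed allow-list of a single domain, paypal.com, and refuses anything that is not https. The sample URLs are made up for the demonstration; only email0.paypal.com comes from the article, and evil.example is a placeholder name.

```python
from urllib.parse import urlsplit

# Assumption for the example: the only domain a PayPal login link may live under.
TRUSTED_DOMAINS = ("paypal.com",)


def link_host(url):
    """Return the host name the browser will really connect to, or None.

    urlsplit().hostname drops a fake 'user@' prefix and a ':port' suffix and
    lowercases the name, so 'https://www.paypal.com@evil.example/' -> 'evil.example'
    and a 'javascript:' or 'mailto:' link yields None.
    """
    return urlsplit(url.strip()).hostname


def is_under(host, domain):
    """True if host is domain itself or a dot-separated sub-domain of it.

    The comparison is anchored at the right end of the name, so
    'paypal.com.evil.example' and 'email0-paypal.com' both contain the string
    'paypal.com' but are NOT under it and return False.
    """
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def is_safe_login_link(url, trusted=TRUSTED_DOMAINS):
    """Apply the article's two rules: https only, and host under a trusted domain."""
    parts = urlsplit(url.strip())
    host = parts.hostname
    if host is None:
        return False
    if parts.scheme.lower() != "https":
        return False
    return any(is_under(host, d) for d in trusted)


def explain(url, trusted=TRUSTED_DOMAINS):
    """Human-readable verdict, mirroring what the hover check should tell you."""
    parts = urlsplit(url.strip())
    host = parts.hostname
    if host is None:
        return "no host name: not a normal web link, do not click"
    if parts.scheme.lower() != "https":
        return "plain http to %s: never type a password here" % host
    if any(is_under(host, d) for d in trusted):
        return "%s is under a trusted domain" % host
    return "%s is NOT under a trusted domain: treat as phishing" % host


# Constructed sample links for the demonstration (not real PayPal mail).
SAMPLE_LINKS = [
    "https://email0.paypal.com/servlet/cc6?iitgHQYRASQUV",  # the article's real example
    "http://account-verify-paypal.com/login",                # dash, not dot
    "https://email0-paypal.com/",                            # dash, not dot
    "https://www.paypal.com.evil.example/signin",            # must read from the right
    "https://evil.example/www.paypal.com/signin",            # domain hidden in the path
    "https://www.paypal.com@evil.example/",                  # fake username before @
    "https://www.paypal.com:443/signin",                     # port is not part of the name
    "http://www.paypal.com/signin",                          # right domain, but no TLS
    "javascript:alert(1)",                                   # not a web link at all
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print("%-55s %s" % (link, explain(link)))
```

Running it prints one verdict per sample line; only the first and the port-bearing www.paypal.com link pass. The point of the list is that every failing entry contains the text "paypal.com" somewhere, which is exactly why eyeballing for that string is not enough.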
This information about hovering is fine for people using a standalone email program, like Microsoft Windows Live Mail, or the old Outlook Express, which display a Status Bar on the bottom by default. But, many people use their web browsers to do email and quite a few do not opt to display the Status Bar. Those folks will not see the true destination of links before they click on them.
It is, in many opinions, a foolish act for a huge financial firm like PayPal to send out email about Policy Updates, overdrafts, pending cases, etc., with clickable links to log you in to your account! It is the very same technique fraudsters use to lure victims to look-alike login pages, where credentials, money and bank details are stolen.
PayPal would better serve all of its customers by instructing them to log in to PayPal (or their bank) by typing the URL into the browser address bar, or by reusing a bookmark saved from a previous, legitimate online session. Most browsers remember your frequently visited websites and will autocomplete as you type. I only need to type a couple of characters for the legitimate PayPal URL to appear.
Note: every PayPal login page should have https:// at the beginning of the URL, NOT http://. HTTPS means the connection is encrypted (SSL/TLS) and that the site presented a certificate, issued by a certificate authority, for the host name shown in the address bar. Anything you type into a form on an HTTPS page is encrypted before it leaves the browser; anything typed into a form on an HTTP page is sent in plain text. The padlock vouches only for the name, though: a scammer can obtain a perfectly valid certificate for account-verify-paypal.com, so https:// in front of the wrong domain is still a phishing site. Check the domain first, then the padlock.
The bottom line is this: it makes no difference what the links in a PayPal email (real or fake) lead to. DON'T USE THEM! They might be real or fake, and you may not be able to tell from how they are displayed in your Status Bar (if you have one showing). If an email arrives from PayPal about an important matter, like Policy Updates, Disputes, or accounts added, ignore the links in the message. PERIOD. Go to your browser, open a new tab or window, type in https://www.paypal.com/, make sure it still says exactly that in the location/address bar (watch out for typos, which can land you on typo-squatted malware sites), then press Enter. Then and only then, type in your login credentials.
By always typing in the address of important financial websites, and verifying it before pressing Go or Enter, you can hopefully avoid being phished by credential crooks. There are other ways they can ensnare you, so keep your computers protected with the best anti-malware program you can afford. I use and recommend Malwarebytes' Anti-Malware and Trend Micro Titanium Internet Security Pro.