My scam email posts are consistently some of the most viewed on my blog, with various search requests leading people here. And that’s great, because it proves people are checking whether things are genuine or not, and so it’s helping to raise a bit of awareness.
I haven’t made any posts like that for a few months, because I haven’t received any emails that are different to the ones I’ve mentioned before. Thankfully the spam I get is still quite infrequent. But last week I had 4 copies of the same scam email sent to my blog’s email address in the space of a few minutes, relating to a company I haven’t mentioned yet – PayPal.
The signs to look out for are the same as ever, but are always worth repeating. Especially given that PayPal are so widely used, so scams that try to target its users are extremely common. So anything that helps to raise awareness of such fraudulent activity is always worth publishing. So here’s the email I got, and why it’s clearly fake.
From: [PPL-Services] (firstname.lastname@example.org)
Subject: View your recent activity
View your recent activity
Your PayPal Account has been temporarily Locked!
Update your Account Information now So not to be limited.
If you are unable to click the button below to confirm your email, please follow this link .
Click here to verify now (link = s.id/fwH)
The signs that this is fake are abundantly clear as usual:
- From Name: PPL Services? Why not just call themselves PayPal? PPL implies its an acronym for 3 words – which it is, when you search online for “PPL Services” and find that it’s the bill processing service of an energy company that used to be Pennyslvania Power & Light. So nothing to do with PayPal then! The abbreviation of PayPal is just… well… P! Or possibly PP as their name is two words rolled into one with both P’s capitalised. But either way, adding the L makes no sense.
- From Address: When you hover over the name to see the address, it’s email@example.com:
- notifaction – This appears to be a misspelling of “notification”, unless it’s a bizarre way of saying this is a notification for action you need to take, which doesn’t make any more sense.
- contact.com – This is a very generic domain – indeed, while it does exist, it’s not being used for anything and has nothing to do with PayPal. PayPal would send it from their PayPal.com domain, naturally. One of the 3 emails I had actually had the domain “contact.co” here instead, which may have been an error by the spammer, or it may have been an attempt to get around any blocks that might have been placed on the other address.
- Subject: “View your recent activity” feels out of context with the contents of the email. If you just saw the subject line on its own, you wouldn’t get the impression that it was urgent, as the main body of the message implies. It would feel more like it’s one of those emails reminding you about the features available on their website, which you’re more likely to ignore.
- Message Body:
- The PayPal logo is at the top of the email, but my mail program blocks images in junk emails (with good reason, as they could contain viruses), hence it doesn’t appear in the screenshot.
- The subject line is repeated at the start for no good reason, and isn’t even formatted to look more like a heading compared to the rest of the text.
- The email doesn’t address me by name. This is always crucial. PayPal already know your name, they don’t need a generic greeting.
- The words “Account” and “Locked” on the second line look strange with initial capitals. Only the word PayPal needs them, as it’s the company name. The exclamation mark after “Locked” also feels very out of place for a serious email.
- There are unnecessary capitals throughout the text that look out of place. “Account” & “Locked” on the second line don’t need them, and nor does the word “So” in the middle of the next line. “Account Information” doesn’t need them either, unless you interpret it as referring you to a page with that name on the website.
- “please follow this link .” doesn’t supply a link, and has a space before the full stop.
- “Click here to verify now” – When you hover over this link, you see it points to a short-form web address (s.id/fwH), which is nothing to do with PayPal. That site is a very obscure example of a link shortening service, which reduces links to take up far fewer characters (e.g. for use on Twitter). That means the link could be going to any website, and you have no idea where. PayPal wouldn’t use a service like that – they’d simply direct you to a page on their own website. And even if they do that, you should really still go to the website separately, via a link you already have for them in your bookmarks, or looking up the website on Google, just to be absolutely safe.
- “Thanks” seems an odd way to end an official email, with no name of anyone to contact. It’s also spaced quite a distance away from the button, so it seems all on its own away from the rest of the text. There’s not even any attempt to add an official PayPal footer after it either, with terms and conditions or links or whatever.
That’s it. Just a very short and silly little email really, another poor attempt at a scam. But remember, if a company like PayPal or your bank or a shopping site appears to email you asking for your details e.g. to unlock your account or prove your identity, never click the links they provide. Always go to the website via the link that you already have stored, or get the official link by searching for them on Google. You can then log in to your account as normal, which will prove if it’s locked or not.
You can also get the official contact details from their site as well, and most will also be reachable on Facebook or Twitter these days. So if you’re unsure whether an email is genuine, don’t be afraid to contact them to check. If it’s real, they’ll soon be able to tell you. And if it’s not, they may want you to forward it to them so they can investigate it and hopefully stop others being affected.
So thanks for reading, and if I see any more scam emails worth mentioning, I’ll continue to let you know!