Here’s an official looking piece of email I received today –
Dear PayPal User,
We are sorry to inform you that due to our recent security improvements you must
confirm your account information in order to keep it running in a perfect condition.
You are requested by PayPal to Log In and to verify all the requested information.
Please notice that submiting wrong information may lead to PayPal account removal.
We know that is an inconvinience to you, but please understand that this is a very
important security measure for us for keeping your account safe and secure.
If you have any questions feel free to contact us at any time security@paypal.com
You can confirm your account information by clicking the link bellow:https://www.paypal.com/cgi-bin/login
Looks legitimate at first glance, but read closely and you will see that “submitting”, “inconvenience”, and “below” are misspelled. In addition, the phrase “to keep it running in a perfect condition” is rather strange construction, suggesting that English is not the writer’s first language. All these are tipoffs this message is phony.
Does the email measure up to Paypal’s writing standards? Let’s take a look. Here’s a bit of content taken randomly from the Paypal website.
Take your business online with security and flexibility.
* Connect your online store to any major payment processor, bank, and card association with our industry-leading payment gateways, Payflow Link and Payflow Pro.
* Accept credit and debit cards with your current internet merchant account. And accept PayPal too (U.S. only).
* Feel secure knowing that 128-bit SSL encryption lets customers confidently use their credit cards online.
* Integrate easily. Payflow Gateway is pre-integrated into many shopping carts.What is a payment gateway?
It’s a secure connection from your online store to your internet merchant account and your payment processing network.
Pretty good! No spelling or grammar flaws as far as I can see. If the phisher had written his email this well, he would bait more folks into giving up their PayPal user name and password.
Careful reading and a spell check are sometimes all it takes to spot a scam.
I get these supposedly from various banks all the time, including, on occasion, my own. But our bank has a well-publicized policy that they NEVER email you anything of the sort. I know it’s less than sticking a finger in the dike, but still, I forward it to their phishing trackers. Hey, you never know.
What kills me, though, is that things like this MUST work… else, why bother? When you think of the people who are ‘way too trusting on the ‘net… sheesh!
Bob, Too trusting or poor readers, maybe.
Great tip, but what if these bloody fishers start catching on, and improving their skillz?
Well Zach, that would be a problem, but hey – maybe it would lead to more work for me.
Never thought about grammar in relation to this kind of message, Brad. I get them every now and then and dump each one.
Thanks for the tip that grammar give them away.
Robyn, I actually used to fall for some of these until I started reading them closely.
“Careful reading and a spell check are sometimes all it takes to spot a scam.”
Interesting tip. Makes sense too.
Nice post! (Stumbled and Dugg!) Lucky for us that these scammers seldom check spelling errors.Makes it easier for us to spot them.I receive only those nigerian scam letters once in a while, but none from “PayPal” as of yet.English is not my first language, I may be easier to fool with this kind of scam.
Jesse, after writing this post, I’ve noticed most of these emails really do have lots of errors. Tom, thanks for the Stumble and Digg! You wonder why the scammers don’t pay more attention to detail, considering how clever and conniving they must be.
Ah NUTS. I suppose this means I shouldn’t be waiting by my mailbox for that Nigerian money I won from the lottery there?
Brad,
These phishing e-mails are very often very poorly written–thank goodness. But I’ve also received a few that were very professionally done–almost frighteningly so. So it isn’t enough to look for spelling or grammatical errors. You also need to pass your cursor over the link they ask you to click (without clicking) and see what irregularities you find in the URL you’d be taken to if you were to click. This can be an education in itself! It’s also a good policy to never click a link in an e-mail unless you’re absolutely certain where it came from.
There’s really so much more to the issue, because often it involves being taken to spoof websites; and it’s important to know how to spot them. I’ve written several blog posts about these two related topics at Writer’s Notes.
I usually get one or more “PayPal” e-mails every day; and lately I’ve been getting them from “e-Bay,” too, along with all the others I regularly receive. Sure wish these people would find something more constructive to do.
Jeanne
GL, Sorry to disappoint you, but yes, you might have trouble collecting. I won $48 million last week and haven’t seen a dime. Jeanne, thanks for the hovering tip. Some of the PayPal emails look more authentic than others, that’s for sure.
Brad, great point. I always laugh at the poorly written messages and wonder “who believes this stuff?” Lately I win money daily. The messages are hilarious and I am getting 5-7 per day. Okay actually not so funny anymore because of the volume but the first few were pretty funny.
Karen, only 5-7 a day? I’m jealous. I get two or three times as much. What worries me is one day I’m going to delete a message where I actually won $1 million.
LOL! Now I feel pretty lucky that I’m not getting as many as you. I also worry that I’m going to delete that real message that tells me I’ve won something.
Karen