Phishing is when someone sends you an email designed to trick you into handing over personal details such as your passwords. This post shows a new phishing email that, at first glance, looks like it came from PayPal. It tries to trick you into clicking a link by telling a story about your account being locked.
Below is the email. At the end of this post I’ll explain what you can do to avoid falling for these things.
We are constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.
Why is my account access limited?
Your account access has been limited for the following reason(s):
We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.
(Your case ID for this reason is PP-0XD2-0XBC-0XDA-0X37.)
How can I restore my account access?
Please visit the Resolution Center and complete the "Steps to Remove Limitations."
Be aware that until we can verify your identity we will have no other liability for your account or any transactions that may have occurred as a result of your failure to upgrade your account as instructed above.
What can you do to avoid phishing emails?
- Do you have a PayPal account? If not, you should immediately suspect it’s fake.
- Is the email poorly written? If you look carefully you’ll find grammatical errors in the email shown above. Scammers generally have poor English skills.
- Use one of the newer web browsers. For example, I clicked on the link in the email to see what happens. Google Chrome immediately identified it as a phishing email and displayed a large red screen with a large warning that this is a phishing site. Opera does the same. Internet Explorer didn’t try to stop me (80% of Windows users still use Internet Explorer; it’s time to upgrade). So alternative browsers are safer to use.
- Install a good anti-virus package. For example, Trend Internet Security checks which web sites you’re visiting and it will stop you from going to known phishing sites. There’s a small subscription fee to buy and keep using Trend Internet Security and I think it’s a good investment (it’s cheaper than having someone take all the money out of your bank account).
- When you see a suspicious email, don’t click on the links they provide. If you’re really concerned about your account being locked, open a new tab in your browser and type in the address yourself. Then you know you’ll be going to the real PayPal site (or your bank, etc).
- When there’s a link embedded in an email you can place the mouse pointer over the link and wait a second. Usually you’ll be shown the address it points to. If the address isn’t exactly what you expect then it’s fake. Read more here about recognising fake addresses.
- Some email services include spam filtering. Sometimes you have to pay extra for this service. Spam filtering usually also filters out phishing emails. This removes these bad emails before you even get to see them.
- When you see a suspicious email, copy some of the text and paste it into Google. Then look through the results to see if it’s a known scam. (This is why I copy & paste all these bad emails into FraudO, to help Google find them).