SCAM ALERT: Your PayPal Account Has Been Limited Case ID

How To Know An Email Is A Scam Without Opening

I just found this “Your PayPal account has been limited Case ID 114-470-894” scam in my inbox this morning. The Case ID may very well change. This is NOT a new PayPal scam, but I have not seen it in quite some time.

It’s a fairly well done email phishing scam, too, it lacked the usual GLARING typos and bad English.

Yes, emails like this make one’s heart skip a beat, thinking immediately “was I dumb enough to leave any real money in my PayPal account?”, just in case it is a legitimate email.

Find out here how to know if it’s a scam without opening the email, you never know what lurks just from opening.

Since I have to check these things out to warn you guys, though, I did open it.

 

How To Tell An Email Is A Scam

Step #1: Who REALLY Sent It?

I use Gmail for a number of reasons when it comes to my online marketing and to be able to give out to others, but my IMPORTANT mail comes through my own domain, to my own MS Exchange Server and I organize it with Outloook. Yes, I use Thunderbird too, for other email, and curse it when it crashes, the unified inbox doesn’t work, etc.

Here is the screen shot from Outlook where I right click the email in question and select “Message Options”s:

Now, please raise your hand if you think PayPal sends there account warning emails out through “nationwidemedical.com” email servers? Without checking, I’m guessing that nationwide medical may be legit and that someone has hacked their email servers for relay purposes.

Next, look at the “From:” address. CAREFULLY!

Yeah, paypall – with 2 ‘L’s on the end. The REAL PayPal doesn’t do THAT either.

CASE SOLVED: It’s a scam, no need to look any further, SHIFT-DEL and bypass the recycle bin.

Step #2: Optional, Do At Your Own RISK! Where Do The Links Go?

Kudos to these scammers, they are so much better than they used to be.

With Outlook you can just hover your mouse over the link where it says “log in to PayPal”. See the screen shot below:

At first glance it seems OK, right? http://www.paypal.com

There are 2 problems with that:

1. PayPal would use the more secure https protocol, not just http
2. Notice the period at the end, after the “.com”

This link continues with a “subdomain” of gibberish which may have a specific purpose, or it could be just to add “noise” to keep you from following the trail to the REAL DOMAIN they are sending you to.

On the 3rd line of the blueish “Click to follow link” box is the REAL DOMAIN you are going to. Are you ready?

It’s: a31b6sf828j80ctuxy48wx4.com

But they aren’t done yet, all the rest of that is a script it will run and what I have blacked out is my email address that they are passing to their server. It’s hard telling how much of that they use and how much may be there to fool you (like “login-processing=ok”).

The Goal Of This PayPal Email Phishing Scam

Their goal is, of course, to get you to use your REAL PayPal login credentials on their phony PayPal login screen so they can capture that information, go to the real PayPal.com and clean out your account, possibly including any bank accounts attached to that PayPal account.

How To NOT Get Scammed With PayPal Phishing

Whenever I have need to login to my PayPal account – even when checking out after buying a product using PayPal, is to directly put https://PayPal.com in a new browser window.

The way I make sure I do it is that I have my PayPal passwords in Counterpane’s Password Safe (free, also have mobile app); and I have the PayPal address, WITH the https, in the URL field and I click the “go” button in Password Safe after copying my password.

Note that this way not even a keylogger would get my PayPal password because it’s copied & pasted.

You remember the T.V. show, don’t you: “Let’s be careful out there“

Video Showing How To Spot A Fake Email, Phishing Scam

I appreciate feedback through comments!