The phishing email
A fraudulent email has many telltale signs. Let's look at the PayPal phishing email example below and draw some conclusions:
Sender's email address
As you can see, the sender's email address is clearly not from a PayPal domain.
To persuade you that the email originated from the spoofed company, the scammers use a "From" address that appears to belong to that company, with an actual or similar domain name (like firstname.lastname@example.org).
The sender address can easily be altered, so it is not an indication of the validity of any email communication.
Another way in which the validity of an email can be checked is by analysing the message headers.
Plausible premise and the urgency scenario
Most phishing emails try to trick you into thinking that your account will be deleted or put in jeopardy if it is not "updated" right away.
An email that urgently requests you to log in to a given website or supply sensitive personal or financial information is typically fraudulent.
Content and addressing
Typical phishing emails will have a generic greeting such as "Dear User" or "Dear (Company name) customer".
Note: Most legitimate emails will greet you by your first and last name, although the presence of personal details is not a guarantee of legitimacy.
Phishing emails contain links that look valid, or are represented in a confusing way, but send you to fraudulent sites that may or may not have a different URL from the one displayed.
Take a closer look at the "Resolution Center" link (Paypal-secure-check.com/en/login.php) that is trying to mimic a PayPal address.
Always check where a link points before you click it: move your mouse cursor over the link in the email and look at the URL in the tool tip or the status bar. As always, if it looks suspicious, DO NOT click it. Instead, open a new browser window, and type the web address you know for sure is the legitimate one (in this case https://www.paypal.com).
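The hover check described above can also be done programmatically. The following is an added example, not part of the original article: it parses a constructed sample message, compares the sender domain and every link target against a list of trusted domains, and reports the text each link displays. The TRUSTED list, the sample sender address and all function names are assumptions made for illustration; only the link target comes from the article.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"paypal.com"}  # assumption: domains the real sender is known to use

# Constructed sample; only the link target is taken from the article.
SAMPLE = (
    'From: "PayPal" <service@mailer.example.net>\n'
    "Subject: Your account will be limited\n"
    "Content-Type: text/html\n\n"
    "<p>Dear User, visit the "
    '<a href="http://Paypal-secure-check.com/en/login.php">www.paypal.com</a></p>\n'
)

def host_of(url):
    # Accept hrefs written without a scheme as well.
    return urlparse(url if "://" in url else "//" + url).hostname or ""

def trusted(host):
    # Exact domain or a true subdomain; "paypal-secure-check.com" does not qualify.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((host_of(self.href), self.text.strip()))
            self.href = None

def review(raw):
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not trusted(sender):  # a trusted From proves nothing: it can be forged
        findings.append(f"sender domain {sender} is not trusted")
    parser = Links()
    parser.feed(msg.get_payload())
    for target, shown in parser.found:
        if not trusted(target):
            findings.append(f"link shown as {shown!r} goes to {target}")
    return findings
```

Calling review(SAMPLE) returns one finding for the sender domain and one for the link whose displayed text reads www.paypal.com while its target is paypal-secure-check.com.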
Never open an attachment coming from an untrusted or unknown source if you are not expecting to receive such files, as they may contain malware. Similar to the fake links, attachments can be used in phishing emails or in spam and are potentially dangerous.