About 2 days ago, I received a quite clever spam email in my Gmail account. It's still pretty new, so I do take a look when I occasionally get spam to filter out any mistakes (none so far). I noticed a letter with the sender "PayPal". I clicked on it and it says:
This email confirms that you have sent an eBay payment of $47.85 USD to email@example.com for an eBay item using PayPal.
If you look at the email, it does look like a PayPal email at first glance. There are differences, but who can really recall an invoice on first glance?
I have to say, that despite my "mental training" to be really cautious, I almost clicked on the link. My first thought was, maybe someone hacked my account. I don't have a load of money on there, but I do have over $48, so if they did hack it, it would make sense to only send that small amount. If you read a bit further, here's what you see, and this is what arose my suspicion.
Note: If you haven't authorized this charge ,click the link below to dispute transaction and get full refund (Encrypted Link )
*SSL connection: PayPal automatically encrypts your confidential information in transit from your computer to ours using the Secure Sockets Layer protocol (SSL) with an encryption key length of 128-bits (the highest level commercially available)
First of all, yeah right, I click dispute, and I get all my money back, how nice of PayPal, not even to look into it.
Second of all, I don't think 128 bit SSL is the highest available.
Third of all, and this was right before I almost clicked, the link contained inside (I have removed it now) goes to a very non-PayPal page. I mean it goes to some Japanese, even spam-sounding website.
By the way, 3 of the five links in the email went to the same page. I just stopped there and then and forgot about it. Upon an even closer inspection though you can see the comma error in the first line, and also the faulty bracket spacing after "Encrypted Link".
Whenever you receive something that seems like spam, always remember to check these things, they can tell you it is spam, or at least keep you from clicking away wildly. Click on the pic if you want to see the email, it's in gif format, so no need to worry about links and things.
Update: I have forwarded the email to spoof [at@] paypal [dot.] com, if you receive anything like this, please help them out too.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.