Ingenious PayPal mimicing spam

Daniel Pataki
Jan 5, 2008
Updated • Dec 8, 2014

About 2 days ago, I received a quite clever spam email in my Gmail account. It's still pretty new, so I do take a look when I occasionally get spam to filter out any mistakes (none so far). I noticed a letter with the sender "PayPal". I clicked on it and it says:

This email confirms that you have sent an eBay payment of $47.85 USD to for an eBay item using PayPal.

If you look at the email, it does look like a PayPal email at first glance. There are differences, but who can really recall an invoice on first glance?

I have to say, that despite my "mental training" to be really cautious, I almost clicked on the link. My first thought was, maybe someone hacked my account. I don't have a load of money on there, but I do have over $48, so if they did hack it, it would make sense to only send that small amount. If you read a bit further, here's what you see, and this is what arose my suspicion.

Note: If you haven't authorized this charge ,click the link below to dispute transaction and get full refund (Encrypted Link )
*SSL connection: PayPal automatically encrypts your confidential information in transit from your computer to ours using the Secure Sockets Layer protocol (SSL) with an encryption key length of 128-bits (the highest level commercially available)

First of all, yeah right, I click dispute, and I get all my money back, how nice of PayPal, not even to look into it.

Second of all, I don't think 128 bit SSL is the highest available.

Third of all, and this was right before I almost clicked, the link contained inside (I have removed it now) goes to a very non-PayPal page. I mean it goes to some Japanese, even spam-sounding website.

By the way, 3 of the five links in the email went to the same page. I just stopped there and then and forgot about it. Upon an even closer inspection though you can see the comma error in the first line, and also the faulty bracket spacing after "Encrypted Link".

Whenever you receive something that seems like spam, always remember to check these things, they can tell you it is spam, or at least keep you from clicking away wildly. Click on the pic if you want to see the email, it's in gif format, so no need to worry about links and things.

Update: I have forwarded the email to spoof [at@] paypal [dot.] com, if you receive anything like this, please help them out too.

Article Name
Ingenious PayPal mimicing spam
Information about a new PayPal phishing email that looks legitimate on first glance.

Previous Post: «
Next Post: «


  1. Heather said on July 3, 2008 at 3:12 pm

    I received alot of this exact e-mail. What gave away it was a scam was that I had never had a paypal account under this e-mail address. Plus the fact that payment was sent to a different person than the one who had this item I supposedly bought. I am now getting a different e-mail, same kind, but different item and amount, saying I sent money to whomever and I should ship said item to this other person. That’s getting kind of lazy in trying to employ a scam. I just want to know how to get these e-mails to stop. I’m getting around 10 – 15 of them a day. I have never clicked on the link, that I do know would be retarded. If any one knows how please let me know, I’ve marked them as phishing through my hotmail junk account, but that did nothing.

  2. kurt wismer said on January 6, 2008 at 6:18 pm

    @tony t:
    i take it you’ve never heard of a drive-by-download… simply going to the site could be enough to compromise your machine with malware… there’s nothing that says phishers have to rely completely on trickery to get the job done…

  3. Tony T said on January 6, 2008 at 4:39 am

    Good story. I’m just curious, but what is wrong with clicking the link, just to see where it goes?
    The computer isn’t going to explode, but what would actually happen if I were to visit the site?

  4. Syber said on January 6, 2008 at 3:13 am

    Actually, it has a easy way to judge if a mail from paypal or banks. Real mail always call your real name that cause they knew you, but fake one just call you something USER, like Dear Paypal user…

  5. kurt wismer said on January 6, 2008 at 12:43 am

    i solve the problem of deciding whether a supposed paypal email is real or not by giving paypal a unique address to use instead of my real one… then a phisher would have to either guess the unique address i to paypal and noone else or guess what email sent to that address would look like after sneakemail forwards it on to me…

    it makes picking real paypal emails out of the pile of fake ones easy…

  6. Daniel said on January 5, 2008 at 9:12 pm

    Sorry about that, I’m kind of tardy when I’m sick :) All done now I hope.

  7. admin said on January 5, 2008 at 11:31 am

    JoJo Daniel added only a small thumbnail where nothing was visible and I removed it. I guess he forgot to include the link to the full size image.

    Bloglines have maybe a copy of the story where the image is still available.

  8. Jojo said on January 5, 2008 at 11:24 am

    Martin – On your RSS feed in Bloglines, I see on the left side a very small image that looks like the email in question. However, I don’t see that image when I come to your actual web page. Why not? Using FF

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.