By special guest author Linda Criddle of ILookBothWays.com.

Tens of millions of internet users use the online transaction company PayPal to purchase, send and receive money.

Scams claiming to be PayPal alerts have been running around the web for years, but this example shows a bit more sophistication than many of the previous versions – which shows that criminals can be taught. Every time criminals improve their scam skills, you need to be sure your defenses are one step ahead.

8 Tips to Using PayPal Safely

1. )  Look at the sender’s friendly name: service@limit.paypal.com, and the senders real email address info@hi5.com. They are so cheap that they did not even get a fake friendly name that could spell paypal without a weird space in it – and no one should believe a notice from something as obscure as ‘hi5.com’ – which is no doubt the action the scammers take every time they fool another victim.

2.)    The email is not addressed to you. This is purportedly from a financial institution. If they don’t know you, never deal with them.

3. )   The subject line is ridiculous. The numbers and characters are supposed to impress and intimidate you, instead they look like what they are – nonsense.

4.)    The company does not address you personally – Here’s the official scoop folks, straight from the real PayPal web site. “PayPal will never send an email with the greeting “Dear PayPal User” or “Dear PayPal Member.” Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account.”

5.)    Safety messaging is included to boost your confidence that the email is legitimate. Nice try, but still fake.

6.)    Notice the safety URL is not an actual link (http://www.paypal.com/securitytips). This is because the scammers don’t want you to click on it. Though the URL is not correct, it is close enough to the correct link that search engines are likely to take you to the correct site, or suggest the correct site. Did you spot the flaw? Notice the ‘s’ is missing in the https. Here is the real link https://www.paypal.com/securitytips. Make it a rule to search for the correct link yourself instead of using a link provided to you by an unidentified email.

7.)    PayPal does not give multiple-choice options about an issue with an account; they will be precise. And then there is the problem of the dates. The email claims to be notifying me of an incident where my account was “accessed by a third party” on Jan 3rd, 2009. The date on the email is April 9th, 2009 – PayPal does not wait three months to notify a user of a problem. The scammers should at least have updated their bogus date of incident.

8. )   The malicious link. Having created their elaborate scam, the crux is getting you to click on this link. However, hovering over the link shows you the real URL – don’t let the phrase ‘paypal’ buried after a string of 35 nonsense characters fool you. – Instead find PayPal yourself using your search engine and look at your account through their service.

Of course, the most telling clue that this is a scam may be that you don’t even have a PayPal account.

Original article source: http://www.ilookbothways.com/blogs/lindasblog/2009/04/11/paypal-scams-return

Article re-posted thanks to Linda of www.ilookbothways.com.

Posted in Internet Safety | guides, Internet, privacy | |