“Your PayPal Account Has Been Limited” OH NOES!!!111

“Access to your account has been restricted.”  “Your account has been compromised.” “You have violated our terms of service.” Have you ever received an email such as this? Did it set your heart to racing? As they say in The Hitchhiker’s Guide To The Galaxy, “Don’t panic!” Put down the mouse, and slowly step away from the keyboard.

[Image: PayPal scam email]

You may laugh, and I certainly jest, but it’s really no laughing matter. The email shown in this photo, and those such as this, are serious attacks on your system and your security, designed in such a way as to provoke the panic response: “Oh, no, I have to do something about this immediately!” Click. Disaster strikes.

Now, I will freely admit that I don’t know the specific threat this particular email poses – I wasn’t foolish enough to click the link and find out. And that’s exactly how you should handle it as well, as the secondary response that an email such as this is intended to provoke is curiosity; you may be suspicious of its validity, but don’t you really want to know if it’s true?

No! You don’t. What you really need to be concerned with is not what this email IS, but rather what it isn’t, and that’s “legit.” ANY email you receive from ANY institution that deals with finances or other personal information should be scrutinized very closely, and there are usually clues to help you tell the good from the bad.

In this case there are several, which I have circled in red and given a number. There are also other clues which help us by their absence:

1) Fake email address (and obviously so): This states it’s from “peypal.com” — a dead giveaway, but you can’t always trust that correct email addresses translate to legitimacy.  It’s far too easy for a skilled spammer to spoof a real address.

2) Attachment is an .htm file:  .htm (and .html) are web pages; this is a poorly-disguised attempt to send you to a (possibly porn-related, possibly virus-infected) web site.  The standard for attachments is PDF, but again, even a .pdf extension does not mean it’s 100% trustworthy.

3)  “Secure Transaction”: Wording chosen to set your mind at ease — after all, it’s “secure,” right?  And it’s obviously a hyperlink, ready for you to click. But why is this link here? No explanation is given as to what it is or why you need to click it.

4) “Dear customer ,”: Why is this heading not at the beginning of the letter?  Why no identification by proper name?  Even the comma is misplaced — all clues that this isn’t professionally prepared.  And even though the email itself is carefully worded to say something, the actual specifics — what the issue is, what information is needed, why exactly your account is a “safety risk” — are never mentioned.

5) No contact information (which I have highlighted with a blank circle): No other way to get in touch with PayPal is included in the email.  Why?  Because if your curiosity does overcome your better judgment, your only choice to find anything out is to click one of the links.  Frustrated? Gotcha!
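Clues 1, 2, 4 and 5 can also be checked mechanically by a mail filter. The Python below is an added example, not part of the original post; the sample message, its attachment filename, the two-edit threshold and the phone-number pattern are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed sample modelled on the email described above (not the real message).
SAMPLE = """\
From: PayPal <service@peypal.com>
Subject: Your PayPal Account Has Been Limited
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Secure Transaction
Dear customer ,
Your account is a safety risk. Open the attached form to restore access.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="Restore_Access.htm"

<html><body>form</body></html>
--b1--
"""

def edit_distance(a, b):  # Levenshtein distance, to spot near-miss domains
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_clues(raw, brand_domain="paypal.com"):
    msg, clues, body = message_from_string(raw), [], ""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Clue 1: a near-miss domain. An exact match proves nothing (From can be spoofed).
    if domain != brand_domain and edit_distance(domain, brand_domain) <= 2:
        clues.append("lookalike-sender")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith((".htm", ".html")):  # Clue 2: web page sent as attachment
            clues.append("html-attachment")
        elif part.get_content_type() == "text/plain":
            body += part.get_payload()
    if re.search(r"dear\s+(customer|user|member)\b", body, re.I):  # Clue 4
        clues.append("generic-greeting")
    if not re.search(r"\+?\d[\d\s().-]{7,}\d", body):  # Clue 5: no phone number
        clues.append("no-contact-info")
    return clues
```

An empty result only means none of these four clues fired; as noted in clue 1, a correct-looking sender address is not proof that a message is legitimate.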

So, what do you do?  First and foremost, if you have ANY doubts as to the validity of a finance-related email, go straight to that business’s website, log into your account, and check it out in that manner.  Do NOT click links in the email that purport to direct you to the business website.  Second choice — call someone at the institution and ask about the issue.  Third, delete it and forget about it.  If there really IS an issue, it’s highly unlikely that an email is the only way you’ll hear about it.

Comments or questions about this information?  I’d love to hear them!