Australian technology news, reviews, and guides to help you

Five tips to help you spot a PayPal scam (and other scams, too)

Are you seeing more PayPal scams flood your inbox? You might not be the only one, but here are some tips to help you steer clear.

It will probably come as no surprise to you to learn that scammers want your money, and that there are quite a few scams about the place. While anyone can fall for a scam, some of the easiest ones to fall for are based on services we all use.

It’s why it can be all too easy to believe the NBN is calling, even if the NBN would never actually call, or why PayPal might be sending you a message, because that actually happens, too.

The fact of the matter is that the scams that look like the real deal are the ones that are all too easy to believe, and that increases the chance that we’ll accidentally click on one. That we’ll accidentally fall for the scam.

Lately, scammers have been getting better at their craft, too. The designs are getting more believable, and it feels like some of them have even bought a dictionary after a couple of decades of ridiculous spelling errors. Meanwhile, the sheer number of recent scams makes defending an inbox from nefarious emails feel borderline crazy, and makes life and checking your mail a little more hectic.

It’s a problem brands are all too aware of, and a PayPal spokesperson told Pickr that the company is putting enormous resources into trying to help customers.

“PayPal has one of the most sophisticated fraud prevention engines in the world, with every transaction monitored and analysed within milliseconds to identify and help prevent fraud before it occurs. This approach combines machine learning, deep analytics and common human oversight to get a more accurate picture and response to fraud,” a spokesperson for PayPal said.

“The security of our customers’ account information is always a top priority for PayPal. We commit significant resources to combat cybercrime and proactively work with law enforcement agencies around the globe to help make the internet a safer place for everyone.”

While PayPal offers an email address to send phishing attempts to (phishing@paypal.com.au), identifying a PayPal scam before you forward it on can be difficult for some. Fortunately, there are some tips to pay attention to, and they’re tips that should work for many a scam, not just those purporting to be from PayPal.

1. Check the email address for real


One of the obvious ways to tell a scam is to check the email address, because it’s something a scammer can’t fake. By that, we’re not telling you to read the name the email has set up for itself, but the actual email address behind it.

Every email has a sender name, something the user designates for the account, and then an actual email address next to it. The first is easy to fake, and in scams it is often something like “Account Support” or something universally logical for a scammer, but the second will almost always be a random Gmail address, or something else entirely. It can never come from the official email, because official emails come from the real company, which is why you won’t see scams with the real email.

To put that simply: a scammer sending a PayPal scam could never use a paypal.com email address because they don’t have the access. It will always say something else, and that’s a dead giveaway that it’s not legit.

Much like how scammers can’t use the real email, they also can’t use the real web address for their scams. Rather, they’ll set up a link somewhere else, and hope you don’t check, clicking through and landing at a phishing site, which is a website designed to look real that steals your details.

It’s all too easy to fall for if you don’t check what you’re going to click, but that’s all the more reason why you should check before you click.

To do that, hover over a link and look at the web address that appears in your web browser. If it doesn’t look legit (if you hover over a supposed “PayPal” link, for instance, and you don’t see “paypal.com” in the web address), it’s very likely a fake.

“If you can’t see what the link is, right click it, copy the link and paste it into a Word document to see the real URL you’re being directed to. If it looks dodgy, don’t go there,” a PayPal spokesperson told Pickr.
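The sender-address and link checks described above can also be done in code. The Python below is an added example, not from the article or from PayPal: it reads a constructed sample message, assumes paypal.com and paypal.com.au are the genuine domains, and matches them at the end of the host name, so a link that merely contains “paypal.com” is still flagged. It looks only at the From header and the link targets of a single-part HTML message.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains accepted as genuine (both appear in the article).
TRUSTED = ("paypal.com", "paypal.com.au")

# Constructed sample message; the sender and the first link host are made up.
SAMPLE = """\
From: "PayPal Account Support" <billing.team4471@example.net>
Subject: Your account has been limited
Content-Type: text/html

<p><a href="http://paypal.com.account-verify.example/login">Log in to PayPal</a></p>
<p><a href="https://www.paypal.com/signin">Help centre</a></p>
"""

def host_is_trusted(host, trusted=TRUSTED):
    """True for a trusted domain or its subdomains; a substring match is not enough."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

class LinkCollector(HTMLParser):
    """Collects the real href targets, ignoring the text shown to the reader."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def review(raw_email):
    """Report the address behind the display name and any off-brand link hosts."""
    msg = message_from_string(raw_email)
    display_name, address = parseaddr(msg.get("From", ""))
    links = LinkCollector()
    links.feed(msg.get_payload())  # single-part HTML body assumed
    hosts = [urlsplit(h).hostname for h in links.hrefs
             if urlsplit(h).scheme in ("http", "https")]
    return {
        "display_name": display_name,
        "address": address,
        "sender_ok": host_is_trusted(address.rpartition("@")[2]),
        "suspect_links": [h for h in hosts if not host_is_trusted(h)],
    }

if __name__ == "__main__":
    print(review(SAMPLE))
```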


3. Don’t open attachments

Attachments are a great way for scammers to hide other nasties, so don’t click on those either.

A scam might arrive with a PDF or document for you to click on, but you should only open attachments from people you trust. Opening someone else’s might just be a doorway to a virus, or another attempt at scamming you in some other fashion.

4. If it looks too good (or even too bad) to be true, it’s probably a lie

Scams tend to lure people with the promise of something great, almost in a way that’s too good. Tactics to suggest you’ve won a prize are common, and these almost always fall into the category of “if it’s too good to be true, it probably is”.

However, scams can also play on the power of fear, and that may also work in a similar way. Specifically, if something is too bad to be true, it’s probably a lie, as well. That includes the police coming after you or the tax office telling you to pay up, as these are less likely to come through over email, and more likely in the post or having someone turn up at your door.

If an email seems a little too good or too bad, question it, and try the next step.

If something is genuinely too good or too bad to be true, head to the real site by Googling its name, and not by clicking on a link in the email. The links in that email are already tainted, because there’s a possibility it’s a scam. Instead, Google (or Bing or DuckDuckGo) the brand and click on what the search engine says is the result for the page.

Scams invariably won’t have a webpage, and they’re not likely to rank highly, either, giving you a pretty good chance that you’re going to run into the real site from a search, and not a scam. And when you’re there, you can find out whether that email or SMS you received is legit by logging into the real brand or service.

“If it’s a legitimate communication from the brand, the same communication will be available in your account through the official site,” said the PayPal spokesperson.

While PayPal scams will often try to suggest something is wrong with your account, as will other fear-driven scams, if there really was something wrong, someone at the real site would be able to tell you that, too. It’s highly likely everything is fine and the scammer is trying to pull a fast one over you, so don’t let them. Move on, and know you’ve beaten another scam, and are ready for whatever else a scammer tries to pull.
