Yet another PayPal email scam arrived in my inbox recently, claiming there was "unusual activity on your account".
The email went on to instruct me to log in to PayPal to "resolve a limitation on your account”.
Addressing me as “Dear Customer” (and not by my name which did not appear), the main text of the email informed me that:
“Recently, there's been activity in your account that seems unusual compared to your normal account activities. Please log in to confirm your identity and update your account information.
To help protect your account, no one can send money or withdraw money. In addition, no one can close your account, send refunds, remove any bank accounts, or remove credit cards.”
There was further explanation – some of it effectively repeating the first paragraphs – under the heading “What's going on?”
This said: “We're concerned that someone is using your account without your knowledge. Recent activity on your account seems to have occurred from a suspicious location or under circumstances that may be different than usual.”
It continued (with one or two spelling mistakes):
What do I do?
Log in to your account as soon as possible. We may ask you to confirm information you provided when you created your account to make sure that you're the account holder.
Update Your Information
Once you've completed all the tasks, we'll remove all restictions immediately.
A complete sham
The reason for my concern though is that the email and its contents are sheer utter nonsense.
It was sent to me via an email address I have as a director/trustee of the London Cycling Campaign, a registered charity.
The campaign takes membership payments and donations via credit and debit cards (as well as cheques and cash) but does not use PayPal. I do not have any personal account with PayPal – in fact, I can't remember ever using it.
So the whole thing is phishing nonsense. It's designed to capture passwords, sign-ons and other vital information so fraudsters can hijack the account. Its only concern is to rip me off, not worry about my financial online health.
The company name at the bottom is “SCA Société one Commandite couple Actions”. The Société Commandite Actions bit is a form of company structure used in Belgium and Luxembourg.
But it is as meaningless as receiving a letter from a UK company which simply has “company limited” or “public limited company” without its name or anything else. The Luxembourg address is real – but the sender does not have a PayPal email.
I should say “senders” because I soon received four more almost identical emails – all apparently from different addresses.
How to spot scams
It is, of course, a total scam. PayPal (and other similar institutions) is hit by this sort of scam on a daily basis, if not hourly. You can read more about how to spot fake PayPal emails on its site.
PayPal says you'll know an email is a fake when:
- The email uses a generic greeting like ‘Dear user’ or ‘Hello, PayPal member.’ PayPal always addresses you by your first and last name or the business name on your PayPal account.
- The email requests financial and other personal information. A real email from PayPal will never ask for your bank account number, debit or credit card number. It will also never ask for your full name, your account password, or the answers to your PayPal security questions in an email.
- The email asks you to provide the tracking number of a dispatched item, before you've received the payment into your PayPal account
- The email includes a software update to install on your computer.
Amazingly, some respond with loads of personal details when they don't even use PayPal.
This is still useful information to the sort of people who inhabit the online scam world. If nothing else, it shows they're a very soft touch and so likely to respond to other scams.