I opened my inbox to find an email receipt from PayPal for tickets from a travel website totaling $220. I made no such purchase. It looked very much like an official email from the online payment service provider. With a sick feeling in my stomach, I wondered if I had been hacked. But looking closer at the email, I knew it was simply a scam.
Several things about the email convinced me it was not authentic:
Suspicious Sender Address
While the name of the sender was recognizable, the actual email address didn’t even contain the name of the supposed sender. This is a huge red flag suggesting the email isn’t legitimate.
Hidden Link URLs
Most official emails from companies will include a hyperlink to get more information. When you hover the mouse pointer over it, the destination URL will be displayed at the bottom of the email window. If the address is the official site of the supposed provider, it may be legitimate. If the URL is a shortened address, or something completely unrecognizable, it’s likely a scam.
If you’re viewing the email on a mobile device, press and hold the link with your finger and a pop-up window will display the destination URL.
Scam emails will attempt to create a sense of panic, urging you to take action immediately. For example, my email stated if I wanted to dispute the charge I would have to click a link and take action within 24 hours. This is not PayPal’s policy, thus adding to my suspicion of the email.
The email used the word “resolution” several times; however, in one instance it was misspelled “resolutin.” While it’s possible a multi-million dollar company would send out an email with a misspelling, it’s not likely.
As with misspellings, blatantly bad grammar is a warning sign: large companies have professional proofreaders, making it unlikely that such text would be sent to a customer.
What To Do Instead
- Log In: Sign into the online portal of the supposed sender and check your account. I did this and found no record of the transaction listed in the email. I then signed into my bank online and found no evidence funds had been withdrawn from my account.
- Make A Phone Call: If you cannot conclusively determine the authenticity of an email notification, call the company’s customer service line and discuss the situation.
I was happy to discover the email was a scam, simply trying to get me to click on a link. Had I done so, it probably would have sent me to some URL that looked like PayPal, trying to get me to give up my signon information, or maybe a site trying to sell me something, or a virus may have been downloaded to my computer. Always be suspicious of emails that give you a sense of panic, or make you feel like somehow you’d been hacked or your bank account compromised. Instead, stay calm, look for red flags and verify the email is legitimate before taking action.
How about you, EOD Nation, have you received an email that made you think an account of yours had been compromised? What did you do?