Is This Email From PayPal Real or a Spoof?

PayPal scams, unsecure webpages, spam, and more: Internet ScamBusters #133

Today we’re doing a subscriber Q&A issue — here’s what you’ll find:

– How do I really know if an email from PayPal is real or a spoof?

– Should I be concerned about visiting web page addresses that don’t start with https?

– Can we send you scams to investigate on our behalf?

– How do I stop getting emails with short, very weird messages?

Let’s begin…

Internet ScamBusters Q&A

Question: How do I know if an email from PayPal is real or a spoof? I have a PayPal account, and some of the spoofs I get seem very real.

Answer: Unfortunately, PayPal and other phishing scams have gotten VERY sophisticated.

PayPal has recently created an excellent page called “Protect Yourself from Fraudulent Emails.” On that page, you’ll also find a link to another page called “10 ways to recognize fake (spoof) emails.” We recommend you visit both pages.

In addition, we’ve written quite a bit about PayPal phishing scams. For more info, also visit this page.


Question: In a recent newsletter, it was mentioned that we should be sure the URL begins with https rather than just http.

Then I notice that none of your links begin with https!

Is there a difference other than, evidently, https means it is secure?

Answer: We’ve gotten this question from a number of subscribers, and it’s a good question.

If you are visiting a website and reading the content, there is no need for the URL to start with https. Secure sites load much more slowly, so it would be disadvantageous for normal web pages to use https — especially if they include large graphics.

Secure, encrypted pages are important when you are entering private information — such as when you buy a product and enter your credit card info.

Therefore, the normal pages of our ScamBusters website do not use https. Neither do the pages that describe the ebooks we sell. However, all of our order pages (where customers enter their credit card info) are secure and begin with https.


Question: Is it possible for us to send you a copy of any possible scam emails that we receive for your organization to investigate on our behalf? I had sent one to your office 2 weeks ago and heard nothing yet from your organization about this so-called scam floating around.

Answer: We get thousands of these requests each week. We are a public service, and we don’t have the resources to provide this service.

You can visit our Fraud Avoidance and Reporting Resources page and our Scam Check Station for a list of excellent resources.


Question: I keep getting emails that are really weird. They are short messages that contain words with upper and lowercase letters. The weirdest thing is that in the “to” section there are email addresses that are similar to mine. I always delete them but I don’t know how this started or how to stop it. Please help!

Answer: These emails are usually spammers who are searching for functioning email addresses that they can send their spam to. They try millions of email addresses, and a tiny percentage of them are functional — but that’s all they need. Sometimes (but certainly not always), these emails have a Subject line that says ‘test.’

Most people will eventually get emails like this, especially if they own one or more domain names. There is little you can do about receiving these emails.

For info on how to reduce spam, visit our Stop Spam page.


That’s all for now. Wishing you a great week…