We’ve all been told to watch out for scams, but what about when it’s using the real email address and website of a company? NBC 7 Responds breaks down how to tell if it’s a trick.
One of NBC 7’s producers, Meredith, received a real email from PayPal. Inside it was a real invoice, but for a purchase that never happened.
The email passed all the initial tests. It was sent from the real PayPal email address, there were no spelling or grammatical errors and the links appeared to take you to PayPal’s official website.
The first red flag was at the very bottom of the email, where there’s a “Seller Note to Customer.” That’s where a business can send you a message about your purchase, but this one said Meredith needed to call a number because her account was accessed fraudulently.
Being extra cautious, Meredith typed in the PayPal URL instead of clicking on the link. Once in her account, she saw someone had sent her an invoice for $500 supposedly for buying two target e-gift cards. She also saw that “Seller Note to Customer” again, telling her to call that number. Wanting to learn more, she called them.
The man on the other end of the line told her to open a new window and type in a new URL, which was not PayPal’s website. Then he asked her to click one of the links there, which claimed to be “PayPal Server 1,” but Meredith knew not to do that.
Looking more closely at the links, they appeared to take you to a site to download software that would let someone take control of your computer.
Meredith called the number again, told them she was a journalist, and got permission to record the conversation. The man told her she needed to be on her personal computer, not a work device. When we started asking more questions, he hung up.
We reached out to PayPal who said:
We have a zero-tolerance policy on our platform for attempted fraudulent activity, and our teams work tirelessly to protect our customers. We are aware of this well-known phishing scam and have put additional controls in place to mitigate this specific incident. Nonetheless, we encourage customers to always be vigilant online and to contact Customer Service directly if they suspect they are a target of a scam.
Remember to always contact a company directly, instead of clicking on any links or calling any number in suspicious messages. If you think you may have given out personal information or been tricked by a scam, one of the first steps you can take is to freeze your credit.