Paypal is an important payment processing partner for many online businesses – so when PayPal sends an email about your account, it’s important to take note. Unfortunately, scammers also know this.
I estimate that over 95% of all emails I receive from “PayPal” that make it past my spam filters aren’t from the company at all – just bottom feeding scammers trying to grab my login details. Most of these notes are quite amateurish, but some are so well done, it’s understandable that some people get caught out.
The good news is you don’t even have to open these emails to determine if they are legit or not if you’re using a desktop email application such as Outlook or Thunderbird – all you need to do is look at the header.
An email header is behind the scenes info that contains information showing the point of origin of an email. To view the header info:
Highlight the message, select “View” on the menu bar and click “Options”.
Highlight a message, select “Properties” from the File menu. Then click the “Details” tab, followed by “Message source”.
Highlight the email and on the menu bar click View, select Headers and choose “All”.
What you’re looking for is a line very close to the top that starts with “Received from”. Here’s some examples:
Received: from dd11308.idiotscammer.com (dd11308.idiotscammer.com [xx.xx.xxx.xxx])
.. this is not a legitimate PayPal email
Received: from paypal.idiotscammer.com (paypal.idiotscammer.com [xx.xx.xxx.xxx])
… neither is this
Received: from phx01imail01.phx.paypal.com (mx1.phx.paypal.com [18.104.22.168])
… this is legitimate
The key here is the domain mentioned *immediately prior* to the .com. If that domain isn’t Paypal, then the communication is fake.
Even if the email does appear legitimate, a further safety precaution is to never log into PayPal via a link in an email. Go directly to the paypal.com site and log in from PayPal’s home page.