It still surprises me the number of people that get taken by these types of spam emails, normally leading to malware installs, identity theft or other annoyances of life in the digital age. For me I hardly ever click on links in an email if I'm not expecting the email from someone already in advance. Even then I take a few quick seconds to scan the email and look for anything that seems fishy to me. Or should that be "phishy"?
Can you spot all the issues with this email I recently received:
- Misspelled the name of the company in the sender's name "Paypl service"
- Spammy looking email address! - this isn't always a reliable tell-tell sign to watch out, but more often than not it should give you a heads up. In this case the account name (prior to the @ symbol) seems odd, and in this case the server the email is coming from is also pretty sketchy looking
- Not always a red-flag (sadly) but there's numerous instances of letters being capitalized in the body of the message that shouldn't be if following standard grammatical rules
- Although not an alert all by itself, anything I see a link that's formatted as a button, I know there's opportunity for the things to be hidden, in this case we look at where the link is going to go by hovering over the link with our mouse in the browser and our browser telling us where in the bottom-left-hand corner
- Look at that link! //cat.jp.as.criteo.com/ now I'm going to stop right there because it's interesting to note that "Criteo" is a legitimate advertising platform, so these spammers appear to be either absolutely tracking their efforts of success or potentially spoofing this further to obscure their ploy. Taking a further look at the remaining part of the URL you'll see another website address being include after the "?r=" query string. That leads me to believe that link is being redirected even further to help cover their tracks
Here's another quick Public Service Announcement for you, don't just go clicking on links in emails even when they look like they're coming from legitimate sources.
In this case, if you did indeed have a PayPal account and you were worried about it. Go to their website directly by opening your browser and typing in the URL of the company directly and visiting the site that way. Login to your account and see if there are any warnings or alerts posted there. If the company has a chat feature for support, send them a chat and have them verify if there are or are not any issues with your account that need to be addressed.