I almost fell for a phishing scam: here's what happened
I usually spot phishing scams easily, but about a month before writing this piece I almost fell victim to one. It was one of the most convincing emails I have ever received, which made it even scarier. Fortunately, I acted quickly to minimize the damage.
What did the scam look like?
I was innocently checking my Gmail inbox one afternoon. Most of the messages were nothing to write home about, but one in particular stood out.
The subject line?
“Your invoice for $999”, from an account claiming to be PayPal. According to this email, I had bought something on eBay. For context, I'm based in Denmark, and we don't have eBay here. I haven't used the site in over four years, since I lived in the UK.
Although I had heard of common eBay scams, this was the first time I thought someone had used my account. So, as anyone would, I had alarm bells ringing in my head. Had someone stolen my payment details? If so, how did they get them?
Why did I almost fall for the scam?
While I am familiar with the most common phishing attacks, this scam initially looked legitimate for several reasons. First, Gmail didn't flag it as unsafe, and it landed in my main inbox. Gmail is usually very good at identifying when someone is trying to scam you; I normally get this message:
Another reason this scam attempt looked legitimate at first is because it used the same formatting you’d expect from a PayPal invoice. I use PayPal quite often and its brand is quite well known. To their credit (I think), the scammer did a good job impersonating the PayPal invoice. It’s obvious that someone has spent a lot of time learning how to use design software.
Third, the email had good spelling and grammar. Poor English is one of the easiest ways to spot a phishing email, but that wasn't the case this time.
How I realized it was a scam
I always adopt a zero-trust policy with emails when I know I haven't purchased a product or service. Being on high alert, I began looking for signs that I had been duped. I usually get a notification when money leaves my PayPal account, so I checked my phone first. I couldn't see anything, so I started digging deeper.
Second, I didn't see a verified checkmark next to the sender. Every PayPal email I've noticed in Gmail has a blue checkmark, but this scam email didn't. For example, when I contacted PayPal about the issue, you can see a verified check next to their official account:
I also realized that the email address wasn't associated with PayPal. Although it looked quite similar, it didn't use the official PayPal domain.
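The two checks above (is the sender really on the official domain, and has the receiving mail server authenticated the message) can be automated on a saved copy of the email. The script below is an added example and not part of the original post; the set of official domains and the sample message are assumptions constructed for illustration, and a real deployment should take its domain list from the company's own published guidance.

```python
# Added example (not from the original post): check the From address and
# DMARC verdict of a message that claims to be a PayPal invoice.
import email
import re
from email.utils import parseaddr

OFFICIAL_DOMAINS = {"paypal.com"}   # assumed legitimate sender domains (illustrative)
BRAND = "paypal"

def sender_domain(from_header: str) -> str:
    """Domain of the real address in a From header, ignoring the display name."""
    _name, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def is_official(domain: str) -> bool:
    """True only for an official domain or a subdomain of one (not a prefix match)."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)

def dmarc_result(msg) -> str:
    """DMARC verdict recorded by the receiving server, or 'none' if absent."""
    for value in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bdmarc=(\w+)", value, re.I)
        if m:
            return m.group(1).lower()
    return "none"

def red_flags(raw: bytes) -> list:
    """Return the reasons a message should not be trusted as a PayPal email."""
    msg = email.message_from_bytes(raw)
    name, _addr = parseaddr(msg.get("From", ""))
    dom = sender_domain(msg.get("From", ""))
    flags = []
    if BRAND in name.lower() and not is_official(dom):
        flags.append(f"display name says {name!r} but address domain is {dom!r}")
    if BRAND in dom and not is_official(dom):
        flags.append(f"lookalike domain {dom!r}")
    if dmarc_result(msg) != "pass":
        flags.append(f"dmarc={dmarc_result(msg)}: message is not authenticated")
    return flags

# Constructed sample resembling the invoice described in the post.
SAMPLE = b"""From: PayPal <service@paypal-billing-notice.example>
Subject: Your invoice for $999
Authentication-Results: mx.example.org; dmarc=fail header.from=paypal-billing-notice.example

An invoice has been issued for your eBay purchase.
"""

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("RED FLAG:", flag)
```

In Gmail you can get the raw headers with "Show original" and save them to a file to feed into `red_flags`.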
How I minimized the damage
Unfortunately, there are many PayPal scams out there, and while prevention is the best option, sometimes you'll need to go into damage-limitation mode. I took several precautions to minimize the potential impact, which I've listed below.
1. I didn’t reply to the email
It was vital to take a step back and not do anything I might regret, like replying to an email. The scammer won’t admit they’re trying to take money from you, and I’d gain nothing by doing so.
Instead of replying to the email, I later contacted PayPal's official customer support. I had initially deleted the message, but I restored it so I could hand it over to the authorities.
2. I didn’t pass on any important details
Sometimes you will receive scam emails that ask for sensitive information such as your bank details. You should never provide these details under any circumstances. No company will ask you to send this information via email, so you would be putting yourself at unnecessary risk.
I made sure the scammer didn't have access to anything important. They clearly knew my PayPal email address, because they wouldn't have been able to message me otherwise, so I changed my password. This experience also reminded me how important it is to enable two-factor authentication (2FA) on your PayPal account.
3. I checked my bank statements to see if the money had gone out
In addition to securing my PayPal account, I also wanted to confirm that nobody had got into my bank account. My next step was to check the linked bank accounts and statements to make sure there weren't any unfamiliar transactions. Fortunately, there weren't.
I have been scammed once before, and when it happened I immediately canceled my bank cards. Because I acted quickly, the bank was also able to cancel the transaction. So this time I followed the same principles.
4. I reported the fake invoice to PayPal
It would have been very easy to sit back and relax after confirming that I was not the victim of a phishing scam. However, I didn't want others to go through what I had. PayPal has an email address that deals with phishing attempts, and I forwarded the fake invoice to it.
I don't know whether it helped, but at least I did my best. There are a few other things you can do to determine whether a PayPal email is genuine or phishing before sending it to the company.
5. I deleted the email and didn’t click on any links
You should never click links in emails from senders you don't know, and I applied the same logic here. Even though the links looked like they came from PayPal or eBay, I didn't want to risk infecting my computer with malware.
Once I had forwarded the invoice to PayPal, I deleted the email and blocked the sender address. From now on, any further scam attempts from that sender should end up in my Spam folder, not my main inbox.
My advice to anyone who might fall victim to this scam
If you receive a phishing email, I recommend doing everything I did here. Always look for subtle details that could be red flags, such as illegitimate email addresses and missing verification ticks. Never reply to the message or click on any links.
You should also check your bank account and contact your bank to let them know what happened. If you use eBay, I recommend contacting their customer support team to make sure no one has bought anything through your account. In addition, you should check your purchase history.
It is also important that you do not give any sensitive information to the scammer. If you want to go a step further, your email client should allow you to report the message as phishing.