I received this spam today. The email looked exactly like the PayPal receipt online or via email. When I clicked on the "https://www.paypal.co.uk/helpcenter/open_dispute and get a full refund.", it took me to

http://friendsforanimalsfl.org/modules/search/tests/t/fsfdsfd/new/login.html?webscr=cmd_login

Logging in to the URL on the second line above took me to the PayPal log-in page... which was just like the official PayPal page. I opened up another tab and logged into PayPal and noticed there was no such recent activity, so I changed my PayPal password immediately. I should have noticed that "PayPal" was "Pay Pal" with the space and also the exclamation marks in the header...

==========================================================================

Your Payment to Skype, Receipt Nr. 025975155 !!!
Pay Pal (sales@skype.com) 09:54
To: xxxxxxxxxx@hotmail.com (email was correct)
Show this message...
From: Pay Pal (sales@skype.com)
Sent: 03 April 2015 09:54:44
To: xxxxxxxxxxx@hotmail.com (email was correct)

You sent a payment of 39.00 GBP to Skype (sales@skype.com)

Merchant
Skype
sales@skype.com

Instructions to merchant
You haven't entered any instructions.

Shipping address - Unconfirmed
United Kingdom

Postage details
The seller hasn’t provided any postage details yet.

Description             Unit price    Qty    Amount
3 month subscription    39.00 GBP     1      39.00 GBP

Subtotal  39.00 GBP
Total     39.00 GBP
Payment   39.00 GBP

Payment sent to sales@skype.com

If you haven't authorized this charge, open a dispute at: https://www.paypal.co.uk/helpcenter/open_dispute and get a full refund.
It's a lesson learned never to click on an email link from a financial institution. Banks are not supposed to put links in internet banking in emails but some still do. With PayPal, I suggest you also enable 2nd factor authentication, for which I use the Verisign app though I think you can also receive SMS instead. While you are at it, enable 2nd factor authentication on eBay, Google, Yahoo, Microsoft, LastPass, Facebook and any other site where you can enable it; it may not be absolutely foolproof but it sure adds an extra layer of security to logins. The FIDO Alliance looks set to make logins even more secure in the coming months/years, assuming it is universally adopted... https://fidoalliance.org/google-lau...versal-second-factor-fido-u2f-authentication/
I use my own domain name for emails - in other words, I don't use the likes of Hotmail, Yahoo and AOL, etc, but I still get these every day. Just this morning I had a spam email telling me to confirm my Barclays bank account, even though I don't have an account with them. In my experience, Gmail (or Google hosted email as I have) seems better at detecting phishing emails than Hotmail or Yahoo, but as you say Mike, the spammers are getting more cunning.
The funny thing is Rob, my post above just showed the words copied over but the actual email was exactly like it should be if it came from PayPal.
I use Gmail. I didn't know that it was better at detecting phishing email. But now that you mention it, it does seem better than Hotmail, which I also use.
If I am unsure about a legit looking email, I check the actual email address it is from, which if dodgy, is normally completely different to the one that it makes out to be.