Online ecommerce has become a multi billion dollar industry, and with all of those dollars floating around in cyberspace, the opportunity for fraud and scams is ever present. As Internet users, it is our responsibility to take some precautions that will make our online transactions safer.

One area we need to take responsibility for is protecting our online payment information. Online payment providers have come and gone, but one of them, Paypal, has been around for a while and is still the target of scammers. While this may be alarming, there are actually some very simple steps you can take to keep your Paypal account safe from scammers.

1. Never Click on Any of the Links Listed in a ‘Paypal’ Email

No matter how official the email you get from Paypal looks, never click on any of the links in the email. Instead of clicking on the links, open up a browser window, and type in paypal.com to go directly to their site from you browser.  Paypal itself has also said this.

As a rule of thumb, only log into the Paypal site if you type in the address into the address bar of the browser yourself.

If you get an email that seems official, but looks suspicious, then forward the email to spoof@paypal.com where they will be able to tell you if it was a valid email from them or not.

2. How to Tell if the Email is Legitimate

If you get an email from what appears to be Paypal telling you that your account has closed or some other urgent matter, there are things you can look at that will give you a good idea if the email is legitimate or not.

The way to do this is to select the menu selection in your mail program that allows you to look at the source code for the email. Locate the link (just search the page for the link text that sends you to Paypal  and you should find the http:// link).

The link should look something like the following:

< a href=’http : //{urladdress}’>{link text you just searched for}< / a>

here is an example of a spoofed link..

http://ipox.xx.com.my/xxxxxx/paypal.com/xxxxx

Notice that the domain name is actually ‘ipox.xx.com.my’.

You can see a paypal.com in the line, but that is actually the name of a directory in ‘ipox.xx.com.my’. If you click the link in the email, your browser will actually go to ‘ipox.xx.com.my’, which will be a very official looking Paypal page, but will not have any association with Paypal whatsoever. Users will think that they are at paypal because they see a paypal.com in the URL in their address bar, and they see the Paypal login page, but they couldn’t be more wrong!

 

Another spoof type link created to fool you may look like this:

http://paypal.com.xx.ru/xxxxx/yyyyy

Here the actual domain name is xx.ru and the paypal.com are basically a sub directories under the xx.ru

These poor unsuspecting users will type in their username and password and will get a message such as the site is down for maintenance or some other fake message about why they can’t see their account information. At this point it is too late. They have given a phisher (scammer) their real username and password.

3. What Do Some of the Spam Email Messages Look Like?

These artificial phishing (scamming) messages come in many forms. One form is the typical ‘Your account is going to be deleted if you don’t log in right away’.

Another message looks something like, ‘We have seen unusual activity on your account and it has been suspended’.

Yet another message, and this style seems to be newer, is “Receipt of your payment to SOMECOMPANYNAME”.

If you will notice that all of these messages get to the heart of human behavioral responses and put us immediately into an emotional state where we are less likely to use are intellect and just immediately react to the message. If we imprint tip #1 into our brains, which is never click on any of the links in an email that looks like it comes from Paypal, we can help to overcome this reaction whenever these or other messages appear.

 

4. What to Do If You Entered Your Paypal Account Information into One of These Phishing Sites.

If you got caught up in the emotion and entered your Paypal information before you realized it was a fake scam site, you should immediately go to Paypal.com, log in and change your password. You should also monitor your account for any unauthorized activity. Should you see any activity, immediately fill out the ‘unauthorized activity form’ found in the ‘Protection Policies’ section of the help center on the website.

If you are really feeling vulnerable, call the support desk and immediately report the incident to a support specialist.

We can make our online Paypal transactions safer by using the tips listed. While there certainly are exceptions, many of these online fraud situations occur from mistakes on the part of the user, and not the payment processing company, or merchant. Online safety 101 should be a mandatory class for anyone entering the Internet world today, however using a good dose of common sense will take you quite far.