Do not click on any links. Do not log in to your account.
It looks real…
I’ll give them some credit. This is one of the most legit-looking fraudulent emails I’ve ever seen, and I’ve had my share over the years. Most look like they were written by monkeys, banging on the keyboard and hitting SEND. This one however, has proper English, a Case tracking number, your Full Name, obscured links to satisfy the casually suspicious, and most importantly, it was routed through a legitimate domain and spoofed from paypall.com, a domain which is close in appearance to the real PayPal.
I’m mad that they have my email address and full name
There’s nothing you can do. Maybe you could change your email address or your name (kidding), but I suggest letting it go. These kind of emails typically happen in bursts and the perps have nothing to steal as long as you don’t feed them your login credentials through the fake website login they put up. A quick Google search for paypall reveals that this isn’t the first time they have used that domain to send realistic-looking PayPal phishing emails. If you’re wondering how they got your info it’s anyone’s guess really, but I have to believe that recent data thefts at Target or Adobe may be to blame for this latest round of email. Usually the hackers will harvest names and emails from a data theft and then just blast the list to see who has a PayPal account. There will always be a handful of unsophisticated newer users of the internet or PayPal who fall victim to this scheme.
I clicked on the link but I didn’t login
Change your PayPal account password immediately. The hackers are probably tracking the link clicks from the emails and know when your email address clicked through to their website. You didn’t login, which is good, but just knowing that you have a PayPal account using the email address they sent the message to ensures that they will match your email to other data breaches and look for passwords used on other sites. People reuse the same username/password often…opening themselves up to multiple points of vulnerability when a set of credentials is compromised. Even if you didn’t click the link, you really should consider changing your password regardless, that’s just good security!
As always, if you have any questions, you can leave them in the Comments and I will answer them for you.
Thank you and stay safe!