I almost fell for it…

It’s scary how easy is to be snared in an email “phishing” attempt. I have told you how to avoid phishing attempts several times in the past. Now get this – I almost fell for one of these scams just last week.

The particular email that arrived in my inbox claimed to be from PayPal. The subject was “Restore Your Account Access.” Normally I just delete these and go on. This time was different. My PayPal account had been restricted. I was eagerly waiting on a reply from PayPal that access had been restored.

When I saw the email I almost clicked the link. Almost. It is easy to see how people fall for these phishing attempts. What caught my eye and kept me from clicking?

First I took my own advice and just logged directly into my PayPal account. The account was still restricted and there was no new information to be seen.

Second was the very handy “Display Mail User Agent” Extension inside Mozilla Thunderbird. I use Thunderbird for my email and have several extensions installed. This particular extension does one thing – it shows an icon telling you which Mail User Agent (MUA) or email client was used to create the email. In this case it said the email was created in Microsoft Outlook.

None of my official email from PayPal has been written in Outlook. That should have been my first clue. Here is a picture of the false PayPal email along with icon from “Display Mail User Agent”:

This experience brought to mind a local news story from last year. It seems a lady had her eBay account hacked. She was adamant that she never shared her account details with anyone. Then she showed how she only clicks on links in emails from eBay. Obviously she was caught in a phishing scam and didn’t realize it.

What happened with my PayPal account? They restored access the very next day.