This screenshot is of an email I received today. As I have used Paypal in the past [some years ago] and as the so-called transaction info. is addressed to an ‘Andrea’, I did have a moment of total dislocation. Had the scammers hacked my financial information?
And then I thought to look at the sender:
I’m pretty sure that Paypal, the real Paypal, doesn’t use gmail to communicate with customers! Nevertheless, I did get a fright so I thought I’d share this scam so no-one else gets a fright…or god forbid…clicks on one of those nice, official looking links.
Why not? Because those links will not lead to anywhere good. They could lead to a site that downloads a trojan to take over the computer, or they could lead to a bogus Paypal page where they’re asked to enter their ID and password. The ID and password will fail, of course, but the scammers will now know how to access that Paypal account. Lose-lose.
If you even suspect that an email might be a scam, don’t click on any of the links! Danger Will Robinson. Danger!
As to how the scammers found me, that I don’t know. Did they send out millions of emails all addressed to women of different names in the hope that a few would hit the jackpot?
Or is there a database out there that contains my email address and first name but not my last name? That sounds a bit far fetched. I mean if they knew my email address and my first name, why would they not know my last name?
Or…given how often we’re asked to provide our email address, did some algorithm go through the data here, on this blog and profile me?
A quick check revealed that I’ve written twelve posts [counting this one] that are either about Paypal, or mention Paypal. Another check showed that ‘Andrea’ has been mentioned in 16 posts counting this one. One of those posts is actually about the singer Andrea Bocelli, but that’s still a lot of identifiers. Curiously, the one thing you won’t find on my blog is my actual email address. So how did they find me?
I may never know how these scammers do what they do, but I know one thing for sure, the person who owns the email address used by the scammers has been hacked. After I publish this post I’m going to email him/her and show them the same screenshot that you have seen. After that it’s up to them to work out how the scammers managed to hack their gmail account and use it to farm out scams to other people. Sadly, this person really doesn’t have anything to hide, not any more.