My wife has a gmail account but not a paypal account. Last night she had a series of messages starting with verify your account through to welcome to paypal. All to her email address but in a different name. They look genuine. No she hasn't clicked on anything.
Other than changing her gmail password, is there anything she can do or should do? Has this happened to anyone else?
I guess paypal won't be able to do anything if she contacts them as its not 'her' account and the phone number linked to it isn't hers....
Head over to
https://myaccount.google.com/security-checkup
Check other sites you use, eg Facebook security checker
Visit https://haveibeenpwned.com/ to see if your details are leaked online
You should also logout of all these sites (for all sessions if possible) and change the password
Alternatively it is a Phishing scam - DO NOT click on anything in the emails supposedly from PayPal.
Is her account something generic like janedoe56@gmail.com ?
Could be something as simple as someone putting the wrong number at the end of their email address when opening a PayPal account. And they are sat wondering why they haven't had an account confirmation email!
It *could* be a phishing scam, but you should be able to check by looking at the replyto address (is it actually PayPal or something else?)
But it's most likely someone's just mistyped their own email. We've got a gmail account ABshopping@gmail.com. We've watched someone in the states get married, have kids, move to Washington and use our email address rather than their own to sign up for all sorts of stuff.
I had someone in the UK who had myname@EMAIL.com rather then GMAIL.com and that would get misheard when they gave it over the phone sometimes but I've never worked out what our US freinds actual email is (I've tried various things and never got a response)
The same with password resets on stuff occasionally - mostly I'm sure typos rather than sinister.
but you should be able to check by looking at the replyto address (is it actually PayPal or something else
Again - BE CAREFUL. A common trick is to use visually similar URLs, so what a quick look may look like @paypal.com, could actually be something like @payaI.com.
Again - BE CAREFUL. A common trick is to use visually similar URLs, so what a quick look may look like @paypal.com, could actually be something like @payaI.com
Super difficult to spot in this context is there there are also two characters that look like a lower case A in the unicode character set. Theres a letter 'a' that you get when you press the A key on your UK/US keyboard. But theres also a Cyrillic character 'ɑ' which can be also used in URLs but doesn't represent the same letter.
Not so easy to spot the difference between 'paypal' and 'pɑypɑl', and 'paypɑl' and 'pɑypal'
Not so easy to spot the difference between 'paypal' and 'pɑypɑl', and 'paypɑl' and 'pɑypal'
Wow, that is subtle!
Wow, that is subtle!
Yep, that's why you should NEVER click on a link in an email – you should always go directly to the trusted website. (My example replaced the lowercase "L" character in "PAYPAL" with the numeral for "one". (Although I notice now that I also mis-spelt "PAYPAL" LOL)!
Last night she had a series of messages starting with verify your account through to welcome to paypal
Remember folks that a confirmation email also arrived suggesting that a previous "click here to confirm your email" was actioned.
But as mentioned most likely just phishing.
Do you also have 2FA enabled?
Super difficult to spot in this context is there there are also two characters that look like a lower case A in the unicode character set. Theres a letter 'a' that you get when you press the A key on your UK/US keyboard. But theres also a Cyrillic character 'ɑ' which can be also used in URLs but doesn't represent the same letter.
Not so easy to spot the difference between 'paypal' and 'pɑypɑl', and 'paypɑl' and 'pɑypal'
I wouldn't like to put 100% faith in it, but (most?) web browsers have blocked this sort of shenanigans for years now.
She does have 2FA.
She hasn't clicked on anything. As she has quite a high profile job in a high profile company , her details are on the net and her name is not common so its not much of a stretch for someone to try to put her name in front of a well know email client I suspect. Whats weird is that the emails from paypal have a random completely different name as the account holder yet are using her name in the email to set it up so its not a mistake or a typo but a deliberate fraud attempt.
I assume she should be able to go to Paypal and do a password reset, as that would send the authorisation email to her address.