Amex Personal Key Scam

Yet another phishing scam.

Got this one supposedly from American Express today. Pointing to a link in the email message clearly showed that clicking a link would not take me to an American Express website:

American Express Scam

Compare the look of that email message with the top of a real one from Amex:

American Express Legit message

Note that the real one includes my full name and even the last five digits of my credit card number (which I’ve blurred out here). When I point to a link in that message, the URL goes to a page at americanexpress.com.

Don’t be fooled! If you get a message from a bank or credit card company — or any other organization on which you have an account — go directly to that organization’s website by typing in the URL. Do not click a link in an email message. It may take you somewhere you don’t expect or install software that can infect your computer with malware.

Yet another PayPal Phishing Scam

This one tells you to confirm your email address.

Did you get an email message from PayPal today? One asking you to confirm your email address?

I did. In fact, I got two — to two different email addresses, neither of which have ever been used for PayPal.

But that’s not what tipped me off to this being a scam. It was simple: I looked at the links before clicking them and saw that they led to a site that wasn’t PayPal.

Another PayPal Scam
In Mac OS, you can point to a link to see its URL. Also note the sender email address — clearly not PayPal.

I admit that this one looks pretty convincing. They got the graphics all right and there’s no obvious typos. But there is one clue in the body of the message that should raise red flags: they didn’t use my name anywhere in the message. PayPal (and my bank and other organizations in which I hold accounts) have my name and should use it on all communications, automated or not.

But of course I’d never click a link in an email message from an organization in which I have an account, would I? Would you? I hope not!

If you get an email message like this, purportedly from PayPal, that asks you to “Confirm your new email address,” either mark it as spam or just throw it out. Don’t click any links in it. In fact, if at all possible, don’t even open it at all.

Paypal Watch Receipt Scam

This one almost fooled me.

Will the phishing never stop? This email message, which looked remarkably legitimate to me, thanks me for sending $149.49 to a stranger for the purchase of a watch.

Paypal Watch Purchase Scam

I first received it on my iPad, which does not allow me to see where a link points to without clicking it. On my iMac, however, pointing to the link revealed that it went to a php script on a website that was definitely not PayPal.

Remember — if a suspicious email arrives, resist the urge to click a link in it. Instead, go directly to the site purportedly sending the message by typing its URL in your browser’s address bar. In this case, I simply went to www.paypal.com, logged into my account, and checked to see if a transaction had really been processed. Of course, it had not. The whole thing was a scam.