Scam emails used to be pretty obviously dodgy. The scammers have got smarter. Nigerian princes no longer wish to share their inheritance, nobody wants to sell us viagra, fake watches or sign us up to an online casino. We can no longer discard emails simply because an email purporting to be from your bank has more mistakes in spelling and grammar than seem credible.
In response we need to be more cautious.
The rules for dealing with any email are simple:
If it’s not “expected” assume it’s a scam until proven otherwise. That means finding a completely different way to check. Don’t use any information in the email to make contact. Email address, Phone number and web address can all be faked. Attached files are dangerous.
If it is “expected” mail or at least from a recognised legitimate sender, still be cautious, especially if there’s a suggestion or request to take some kind of action. Email address, Phone number and web address can all be fake and attached files may be dangerous; perhaps the sender’s email account has been hacked or the senders address has been faked to look like the legitimate one. Even including personal information about you, the apparent, sender or a common interest may be information harvested from the hacked email account of social media.
The example here is in many respects credible. It really has come from PayPal, it correctly quotes the recipient’s PayPal account name (not shown here) The money request is genuine in so far as, if you click Pay Now PayPal will process the transaction. The phone number may be legitimate (I’ve not checked) and all the web links do go to PayPal.
Obviously a transaction of £899.99 to an unknown person for an unspecified product I didn’t order don’t want raises several red-flags but a small transaction to a recognised name for something that might be reasonable might draw less attention.
The scammer has used PayPal’s “money request” service to send you an official PayPal email asking you to send them some funds. Friends can use this service as an informal but relatively safe way of splitting expenses after a night out, asking for help paying a bill, or even to get paid for small tasks such as cleaning, gardening, baby sitting, and so on.
In addition be aware of the sunk cost fallacy. An example is where you have parted with a small sum for goods or services that don’t get delivered. When you chase it up there’s a request for an additional payment, perhaps customs processing charge or “sold out but we can give a [massive] discount on a newer better alternative for only £[…] more.” You’re reluctant to write off the initial payment so send more. In some cases, in particular investment fraud schemes and romance fraud, the cycle can repeat in some cases dozens of times resulting in very serious financial losses.