Phishing for compliments

We use both PayPal and WorldPay to process payments in the Frockery online shop as we like to give customers a choice, and both of these third party processors provide an extra layer of security which we feel is well worth paying for.

WorldPay keeps changing its name as it changes hands and branding to reflect its latest ownership, but has never been anything but reliable throughout the years we have used it. PayPal may have its knockers, and we have admittedly read some horror stories from disgruntled users on forums and blogs, but we have always managed to reach a human being on the few occasions we have needed to.

Which brings us to the point of this post...

The problem of phishing emails is one that is a headache for everyone who uses the Internet and is becoming ever more so as email addresses are professionally harvested and then bombarded by fraudsters and rip-off merchants, usually from outside the UK.

PayPal phishing emails are among the most prevalent as PayPal is such a big company with so many users, many of whom may not be well versed in the intricacies of the Internet. Technology has advanced so rapidly in recent years that phishing techniques have become all the more sophisticated.

Yesterday we forwarded yet another dodgy looking email to PayPal's spoofbusters, one which looked and sounded more genuine than most but was still obviously phishy. Usually the spoofs can be quickly identified if the email has been sent to 'undisclosed recipients', but in this case it was personally addressed, so we resorted to checking the spelling. Phishing and bad spelling tend to go hand in hand as partners in crime, and sure enough, there were several clangers contained in the email.

At a loose end last night, we asked (rhetorically) on Twitter if there was any point in forwarding these emails to PayPal as they do seem to keep on coming at an accelerating pace.

Paypal tweet1

Lo and behold!  Within minutes of publishing our tweet, @AskPayPal responded to confirm that there is indeed a point in doing so, although 144 characters were clearly insufficient to elucidate further!

paypal tweet

paypal tweet

They did, however, suggest this website [] for tips on spotting spoof emails.

So the moral of this blog post is: always forward suspicious looking emails purporting to be from PayPal to without clicking on any links, then delete them immediately. Better to be safe than sorry, and always remember to check the spelling!

Thanks, @AskPayPal, for the personal touch on Twitter.