I just received a notice from "Paypall" about a second notice in regards to a limit placed on my account.
Couple of things I noticed right off
- the email didn't go into the sub-folder specifically set up to sort notices from "paypal".
- it was from "email@example.com" (notice the 2nd "l" before .com)
- the link I was supposed to click was http:// rather than https://
- and even worse the full address was http://www.paypal.com.(a-whole-bunch-of-numbers-and-letters).(another-string-of-letters-and-numbers.com/etc...
Notice the everything after the first .com leading up to the 2nd .com
In this instance the www.paypal.com part is a sub-domain to the actual registered domain which is (everything-after-the-first-dotcom-and-before-the-second).com
It's made to look deceptively like the main domain is paypal and the rest is a bunch of coding jibberish you see in a lot of urls.
If I didn't know better I would have been really concerned since the rest seemed very "Paypal" official so...
Like I've always done I logged onto paypal directly by typing the address into my browser. Then following the instructions as they were laid out in the email I reviewed my account and found... nothing out of the ordinary.
Next I forwarded the email to firstname.lastname@example.org
Then came here to let you know since the email sounded almost exactly like an email another warrior had received a few days back.
So keep your guard up!