I recently received this email purportedly from Pay Pal:

You have initiated a payment for €100 to darkynigeri2@hotmail.com

*Payment details*

Amount: €100.00

Transaction ID: 5C53687F7327933R

Because the payment was made from an foreign ip address, we put the transaction ID 5C53687F7327933R on hold.

To see details about this payment, please follow the link below:

I did not include the link because to follow it means you would open your computer to potentially dangerous material..however, I did contact Pay Pal, and they determined the message was a ‘phishing’ attempt, and they sent me the following two messages I thought might be helpful to anyone else who receives such a request. The ‘phishing’ giveaway was they did not use my name at the opening of the message.

Thanks for forwarding that suspicious-looking email. You're right - it was a phishing attempt, and we're working on stopping the fraud. By reporting the problem, you've made a difference!

 Identity thieves try to trick you into revealing your password or other personal information through phishing emails and fake websites. To learn more about online safety, click "Security Center" on any PayPal webpage.

Every email counts. When you forward suspicious-looking emails to spoof@paypal.com, you help keep yourself and others safe from identity theft.

Your account security is very important to us, so we appreciate your extra effort.

Thanks,

PayPal

And this follow-up email from Pay Pal on what to do the next time I get a similar ‘phishing’ email.

Thank you for partnering with PayPal to combat fraudulent emails.  We take reports of suspicious email very seriously.  Your submission helps us identify potentially malicious activity and take the appropriate action needed to protect our customers.

Did you know that approximately 90% of all email sent worldwide falls into the spoof, phishing, spam, and general junk category?  By submitting reports of suspicious email to us you are helping to address this problem.

To help you identify suspicious email, below are a few things that PayPal will never do in an email communication:

  1. Send an email to: "Undisclosed Recipients" or more than one email address 2. Ask you to download a form or file to resolve an issue 3. Ask to verify an account using personal information such as name, date of birth, driver license, or address 4. Ask to verify an account using bank account information such as bank name, routing number, or PIN number 5. Ask to verify an account using credit card information such as credit card number or type, expiration date, ATM PIN number, or CVV2 security code 6. Ask you for your security question answers without displaying each security question you created 7. Ask you to ship an item, pay a shipping fee, send a Western Union Money Transfer, or provide a tracking number before the payment received is available in your transaction history

Any time you receive an email about activity to your PayPal account, the safest way to confirm the validity is to login directly to the PayPal website and review the relevant section. If you see suspicious activity, you would do the following:

  1. Open a new browser and type in "www.paypal.com"
  2. Log in to your PayPal account.
  3. Click "Activity" near the top of the page.
  4. Click on the suspicious transaction to expand the details.
  5. Click "Report this as unauthorized"
  6. Complete the report process on the next screen.

If you have any other questions about PayPal security, please visit the PayPal Security Center.

Thanks again for your help.

PayPal Security

Please keep these tips in mind should you receive such a request. DO NOT open any attachments included in the email, and report it immediately to the proper authorities.

I hope this helps you stay safe online!

- Peter Christian