Some of the more interesting spam scams of recent months trick PayPal customers into divulging personal or financial information by asking them to log into Web site that looks very much like PayPal’s own.
They’ve been around for a while but appear to be growing more sophisticated and more convincing of late, Vancouver’s Derek K. Miller writes in TidBITS. But you can still spot them easily, he says, if you know what you’re looking for. Among the handy giveaways:
Every one I have seen has errors in design or language that are unlikely in correspondence from a legitimate company. The writers might misspell words or use them sloppily (such as writing “e-mail” in one place and “email” in another), use slightly inconsistent font sizes, or have spaces missing between words. Often the phrasing that isn’t stolen directly from PayPal’s own pages is off-kilter and strange, obviously not written by professionals. Another giveaway is URLs that point at IP numbers or other domains rather than the paypal.com domain.
We received a couple of these messages at the office a few weeks back. Frankly, we were impressed by how convincing the scam site looked at first. But two things gave it away: 1) the scam site used an IP address instead of a recognizable domain name; 2) the recipients didn’t have PayPal accounts.