whats the scam

sometimes its just in the link which is to malware, or an attachment which is a script. Not necessarily anything to do with hotels

Yes. I recently received an email, purporting to come from Paypal, referring to some train tickets I'd never heard of. The link to query the transaction took me to ppaypal.co.uk where I was invited to log in. I reported it to Paypal (the real one) as a phishing attempt but never heard back from them.

Another Dave

Why would you? It's nothing to do with paypal, so they can't be responsible to sort it out.

Because their website specifically encourages you to report such attempts to them.

Another Dave

And they can then request that the relevant DNS registrar removes the entry for the phishing site as it is "passing off" and/or have their ISP remove the site itself.

In my case it's invoices for services or products I've never ordered from Companies I've never had contact with.

Surely, honest Companies that recieve one of these spurious invoices are never going to pay them. Or will they? Are they that stupid?

petefj

I usually get emails claiming to be payments or requests for quotation that require me to open a MS Word document.

Which generally contain Word macro viruses. Well done, MS! Executable content in documents! What a cracking idea *that* was!

I'm afraid it used to be the case that a lot of large companies paid invoices under a certain value automatically, because it wasn't worth the cost of querying them.

But they aren't invoices, are they. They're Win executables which then run.

Phishing / malware are the obvious ones. however one variation I have seen reported is if you make contact with them to contend the invoice, they will claim its a mistake and offer to refund it. They then take you card details to issue the refund. They tell you you will see a refund from xyz corp, matching the payment made to xyz corp - but warn it may be in the following month. The plan being now they have card details they can make a charge, and since you were forewarned about the charge you may not contend it until the refund fails to show up the month after.

I frequently get email intended for some old chap who gets his email address wrong. Our email addresses differ by a single digit, but one of the emails had his address and phone number so I gave him a ring and passed on his emails.

The world is awash with email addresses that have been stolen and sold to marketing and other companies.

The easy way to validate these is to send a spurious email and hope for a reply.

The easiest way to get a reply is to send an email implying that someone has spent their money unwittingly.

It works better even than telling them they have a zillion pound legacy in Nigeria or have won the Euromillions (without even taking part).

I've forwarded a few emails to snipped-for-privacy@paypal.com and had a reply thanking me.

I was surprised to get a Nigeria scam email last week. I thought they had long since died out.

I informed paypal when I got an email that when I hovered over the URL it came up as paypay and looked very much like their site, asking to log on ... anyone doing this would be suppling their ID to that 'company' paypay, and then they could access the person paypal account. I just thought they should know that someone might be trying to impersonate them as a type of ID theft. Thinking maybe they might put out some sort of warning or get the paypay site closed down.

And ppaypal is ominously close to paypay, one which paypal should have registered and redirected to their main URL.

This is why two-factor authentication is a boon. Particularly if it can be delivered via an app, rather than SMS.

Do you guys really bother reporting every scam email?