whats the scam

What's a real URL?

If I receive one of PayPal's monthly "View your recent transactions now" emails, I would expect the "Log in Now" link to end .paypal.co.uk or perhaps .paypal.com. Actually (by hovering over it) it starts

It redirects to paypal.com, so it's obviously OK, but, presumably, anyone could register a domain with "paypal" somewhere in it.

Actually, not "obviously". I wouldn't click on that link.

Indeed, I never click on links in emails, nor call phone numbers given in emails or texts or left as messages on my answering machine.

Of course, and my software would simply display the URL you list (since the original "log in now" text is not a URL, it can't list that as a phishing URL).

But I certainly wouldn't click on that to login. If it actually *is* a genuine URL, then Paypal are being decidedly dopey in trying to have people use it.

Quite. If you get an email from your bank etc that looks to be important go to your account on their site in your usual way. If it is important, the action needed will likely be there too. If not, probably not important.

Recently I got an email from my bank to tell me there was a message for me on their website once I'd logged in - and there was.

Email from Santander: "A reminder to help keep yourself safe from fraud" (Quotes my name and part of my postcode so it must be genuine.)

One of the tips is, "Never enter your Online Banking details after clicking on a link in an email or text message."

"If you think you?ve been a victim of a fraud or scam, or are concerned that you may have revealed personal or security details or information, please contact us immediately."

"contact us" is a link to

This redirects to

I've also recently received a couple of texts from Barclays Bank asking me to confirm my address _including the telephone number to phone_ (which was correct). When I rang them (using the number from my records), I told the lady who replied that I thought that was a security risk, but she didn't understand why.

[42 lines snipped]

Oh, I've people *call* *me* and demand that I prove who *I* am!!!

I had one of those last week.

Same here. You can have fun trying to get them to prove who they are. Before providing any of your details, obviously.

FSVO "fun", depending on who they are and what they want.

Well, quite.

+1

Me too. Sometimes I explain to them why this is a bad idea and sometimes I just hang up.

One reason I stick to using an ancient email programme. All posts are only displayed as plain text. Plus attachments. It will convert HTML etc to plain text, which then shows any true URL in a link.

No idea why some must have pretty colours and fonts just for what is basically a text document.

Anyone who sends out a Word document just as an email doesn't deserve to have it read. ;-)

I blame Microsoft for 6his.

[13 lines snipped]

s/have it read/live/

LOL!

I use an old (free) version of Mailwasher to do this. If I don't like the look of something it will allow me to delete it off the server and it will also 'learn' to recognise iffy emails.

A blacklist, whitelist and configurable filters are also part of it, along with the option to report to Spamcop. Which may, or may not, be worthwhile but it makes me feel better.

Thing is I didn;t get it from an email, I got it via a typo, I rarely click on email links even if I know they are genuie I temd to just type the address in, and my history searches in the broswer do the rest.

Which I do.

Sometimes when there's just one character missing it's not always obvious, I assuem that is why they do it.

You can do, that is how I think came up with paypay, by typing paypal wrongly. This is why companies can registar names siimilar to their own so this sort of thing either happens or deosnt happen depending who you are.