Recently I changed some details on a PayPal account that I set up, namely the email and postal addresses; a new email address was added and an old (though still valid) email address was removed. All went well with the change, with the usual small flurry of emails notifying me of the changes (all, as is usual, addressed to the account name).
The following day I received this, supposedly from PayPal. The email text is in bold, my notes/questions are bracketed:
from paypal.com email@example.com (Who is "paypalf"? and the email should be from "firstname.lastname@example.org" anyway)
to: (yes just blank, the alarm bells really started ringing)
date: 7 July 2011 15:31 (not important but the day following changes that I had made)
subject: Your PayPal email has been successfuly changed (yes, but that was all dealt with the previous day, and this email account is not associated with any PayPal account at the moment)
Your PayPal email has been successfuly changed.
You have added email@example.com (address obscured by me) as a new email address for your PayPal account. . (the double full stop was in the email, not a typo from me)
If you did not authorize this change, check with family members and others who may have access to your account first.
If you still feel that an unauthorized person has changed your email:
*Please download and unzip the form attached to your email.
*Submitting this form will restore your PayPal account email.
Attached to the email was a compressed file called "email-form.zip". DO NOT DOWNLOAD OR OPEN THIS FILE: it will contain something nasty that will not be good for you or your PC.
Here is what PayPal say about emails:
The email was forwarded and deleted as instructed. The reply from PayPal a couple of days later says:
The account concerned had not been compromised (I checked and all is OK), the email is just sent "on spec", hoping that we'll be caught out.
If I had not been "on the ball" I might have thought that this was a valid PayPal email and I could have acted upon it, especially as I had just added an email address the previous day.
If you receive any email like this from any company, it is always safest to go directly to the website concerned, not via a link within the email, and log in to check your account details, just to be safe and sure.
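The warning signs noted in the email above (a sender that is not at the company's domain, a blank "to" line, no account name in the text, a zip attachment) can also be checked mechanically. This is an added example, not part of the original post; the sample message is constructed, and the sender address `paypalf@mailer.example`, the account name and the function name `red_flags` are assumptions.

```python
from email.message import EmailMessage
from email.utils import parseaddr

ARCHIVE_EXT = (".zip", ".rar", ".7z")
ARCHIVE_TYPES = {"application/zip", "application/x-zip-compressed"}

def build_sample():
    """Constructed message modelled on the one described above (no To header)."""
    msg = EmailMessage()
    msg["From"] = '"paypal.com" <paypalf@mailer.example>'  # placeholder address
    msg["Subject"] = "Your PayPal email has been successfuly changed"
    msg.set_content("Please download and unzip the form attached to your email.")
    # 22-byte empty zip archive as a harmless stand-in for the attachment
    msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                       subtype="zip", filename="email-form.zip")
    return msg

def red_flags(msg, brand="paypal", brand_domain="paypal.com", account_name=None):
    """Return the list of warning signs found in a parsed message."""
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    claims_brand = (brand in display.lower()
                    or brand in msg.get("Subject", "").lower())
    # Message claims to be from the brand but the address is at another domain
    if claims_brand and not (domain == brand_domain
                             or domain.endswith("." + brand_domain)):
        flags.append("sender-domain-mismatch")
    # Genuine notifications are addressed to a recipient
    if not msg.get("To", "").strip():
        flags.append("blank-to")
    # Genuine notifications are addressed to the account name
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if account_name and account_name.lower() not in text.lower():
        flags.append("not-addressed-by-name")
    # A "form" delivered as a compressed attachment
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(ARCHIVE_EXT) or part.get_content_type() in ARCHIVE_TYPES:
            flags.append("archive-attachment:" + name)
    return flags

if __name__ == "__main__":
    for flag in red_flags(build_sample(), account_name="Jane Example"):
        print(flag)
```

A From header can be forged, so a message that raises no flags here is not thereby shown to be genuine; checking the account on the website directly remains the reliable test.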