Today I got an intriguing email. The email was a confirmation from PayPal. It said that we had spent $150 on an online order. Since the company does not have a PayPal account, I knew it was a scam – a Phishing Scam, where some con artist is trying to get access to our account. When you click on the links in the email, you are taken to a fake PayPal page where you are encouraged to log in and verify the purchase (or deny it), and then the fake website captures your real log in details and the con artist can then empty out your PayPal account. Any good back office person knows – you never click on links in emails from financial websites (because it’s easy to “cloak” the website links). You always go directly to the original website and log in there.
Obviously the PayPal notice was a con…but it got me thinking. Our company does not have a PayPal account…but we could. It only takes a few minutes to set up, and then you can make payments from any checking account or credit card account that you link to it.
So I opened one.
Then, I went online and made a purchase to Office Depot.
When I checked the bank balance online, I saw that the payment was debited as a PayPal account to Office Depot. As far as I’m concerned, the explanation from the bank is simple enough to satisfy the boss. Now, I don’t need to forge checks unless I really want to.
Now the only question is…what should I buy?
In this mini story, there are actually two cons I’ve brought up: The Phishing Scam and The PayPal Weak Link.
The Phishing Scam is an actual scam where a thief sends a fake email encouraging you to click on the link in the email. By doing so, they can capture your login information and then clean out your bank accounts. PayPal Emails are the most common financial cons. After PayPal, sending emails from banks would be the second most common way con artists get information from their victims.
There are three easy ways to spot these scams:
- Banks and financial institutions have standard, precise emails already created that always use the same verbiage. Phishing emails, on the other hand, often have misspellings and/or sentences that don’t make sense. If anything doesn’t seem right with any financial institution’s email, it probably isn’t from your financial institution.
- When you open the email, you will see the “From” address is not necessarily from the financial institution it claims to be from. Whatever is after the “@” sign is the website address. Anything in addition to the normal address probably means the email is a scam. (For example: …@paypal.fakesite.com or …@fakesite.paypal.alerts.com.) Both the paypal.fakesite.com and the fakesite.paypal.alerts.com are completely fake because whatever comes before the .com is the site. That means, these sites would be fakesite.com and alerts.com…not PayPal.com.
- And finally, banks and financial institutions openly encourage customers to NOT click on links from their emails because Phishing Scams are so common. Instead, they will tell you to go directly to their actual website to log in so that you can verify if the email is from the bank or not (and thus the alert is fake or not).
Also, it’s common to get emails from banks you don’t even have an account with. If that happens, obviously you can ignore those…but if you are concerned that an embezzler has opened an account in your name, just print out that email and go down to the bank to see if you have an account or not.
AND when in doubt – go directly to the source…never click on the links in an email from a Financial Institution.
As for the second con – The PayPal Weak Link:
It is very, very easy to open a PayPal account and link it to a checking account…any checking account. PayPal has a very simple verification process, which means that creating a PayPal account is easy for anyone with access to your checking account information, including your bookkeeper. From there, it is very easy to steal money because PayPal and the bank account link together in order to create instant money transfers. Plus, money can be sent to anyone with another PayPal account, and everyone takes PayPal these days (including airlines and other travel agencies), so stealing becomes very easy.
Therefore, to protect yourself from someone linking a PayPal account to YOUR checking account, you need to link it first. In other words, you need to be the one to create a PayPal account with your checking account. PayPal only allows a checking account to be linked ONCE, which means no one else can use the checking account information. Once you have linked it, keep that information to yourself. There’s no need to share it with your bookkeeper or anyone else because business’s should stick to using Bank Bill Pay and writing checks…Period. PayPal should only be used by one person…the creator of that account.
Thus, if you don’t have a PayPal account, start one immediately in order to protect your checking account. If PayPal does NOT let you create a PayPal account, then an embezzler has already linked to your checking account, and you need to consider closing it. This is one of those huge companies that you just can’t avoid, and you really shouldn’t avoid.