How Can People Fall For This?

Every once in a  while I get a spam message that just makes me stop and shake my head, astounded both at the stupidity of spammers, and the gullibility of the victims who fall for this crap. I got a spam message the other day that was properly identified and flagged as spam, but I have to wonder how many end users would have seen this and thought to themselves…

“OMG! I can’t let my account be deleted! I must click on that link immediately to save my PayPal!” Have a look at this message and tell me how long it took for you to identify it as spam.

Subject: Your PayPal Account Well be Deleted

If you’re a regular reader of this blog, I’m betting less than two seconds. I love how they signed it “The Team”. The PayPal logo looks close, and they did that just using HTML to set the format and colors  Not too bad there. They obviously took the time to play around with fonts and colors  rather than just downloading the real logo complete with the little TM, but hey, A for effort there. Of course, that they didn’t spend 30 seconds running this thing through a spell checker is probably the saving grace for many of us.

The rest of the message is interesting enough. They sent it from a server that is not on a blacklist, yet. They set the reply to address to match the domain they are actually sending from, and that server actually passes the SPF record check as an allowed sender. It wasn’t a soft fail.

So to most spam filters that haven’t tripped to the fact that this is a phishing message by looking at the content, this message would sail past. Only a well-developed and healthy sense of paranoia, coupled with a grammar nazi’s nose for poor spelling allowed me to spot this instantly. Did you?

Civilization will be doomed on the day that most spammers actually take the time to spell check their messages, or run them past a native speaker of the target language. This message would actually get past most filters. I know I cannot always find Waldo in those pictures, and not everyone who reads this blog has English as their first language, so here’s a hint. Look at the subject line.

The truly ironic thing is that if you were to analyze the HTML of this message, the link to what is undoubtedly a phishing site (but I am not following it, just in case it’s hosting malware!) has a typo in it that would render it unreachable if you just clicked on it. The site it should redirect to is under a Brazilian domain, but the webserver is hosted by a company based in Houston, Texas, US.

If you have friends or family who fall victim to phishing attacks, show them the picture above, review with them how to look at a message and see whether or not it is spam, and them perhaps point them to our series on talking about spam. The holiday season is just around the corner, and you can be sure we’ll see a rise in both spam and phishing messages starting pretty much any day now. We’ll cover the most egregious offenders here, but the best thing you can do for the non-techies in your life is to raise awareness now.

Written by Casper Manes

I currently work as a Senior Messaging Consultant for one of the premier consulting firms in the world, I cut my teeth on Exchange 5.0, and have worked with every version of Microsoft’s awesome email package since then, as well as MHS, Sendmail, and MailEnable systems. I've written dozens of articles on behalf of my past employers, their partners, and others, and I finally decided to embrace blogging and social media, so please follow me on Twitter @caspermanes if you enjoy my posts.


  1. Jones · October 16, 2012

    Well, to answer your question, there are many possible reasons. First some just don’t pay attention to the technical details such as the color or shape of the logo. As long as it says Paypal, they take everything as real. Second, not everyone is really familiar with PayPal. They use the service sparingly, so I don’t think they’ll know the difference between real and not. It’s truly sad indeed that a lot fall and eventually get scammed. But I don’t think face-palming helps either. Go on and spread some education instead of writing something like this. It’s kind of offensive.

  2. Maria Ortiz · October 16, 2012

    To a seasoned user, this message screams SPAM right from the start but anybody else, it looks perfectly legit. Since PayPal is known for closing accounts for various reasons, the steaks are too high, and I must admit that even I myself could fall for it simply because I use PayPal. However, before I click, I almost always check the link and if the link is suspicious, I usually go to the site directly to see what’s going on.

  3. Jordan Rutherson · October 16, 2012

    For someone learned, this is definitely a huge joke. But we also have to take into consideration that there are also a lot of people who aren’t as knowledgeable as us when it comes to spamming and other types of cybercrimes. I am not making an excuse over their lack of judgment. What I’m trying to say is that instead of focusing on the victim, why don’t we give our utmost attention to the perpetrator? Most of all, why don’t we try to be more proactive? Surely if we give more education or training, there will be fewer people who will fall into this scheme.

  4. Martin Scowski · October 18, 2012

    Yup, this is an ultimate face palm story. I get what others reading and commenting here are saying. Don’t blame them because they’re victims, after all . . . blah blah blah. But seriously dude tell me who doesn’t know about spam? As long as you’re online, you get to hear about it at the very least. Besides, only a person who doesn’t think wouldn’t know the difference between this and a real Paypal e-mail. Come on, once you’re online, be a little bit smarter and read the lines very carefully. In fact, go beyond the lines. Does it sound too good to be true or a bit suspicious? Then it probably is!

  5. Martin P · October 26, 2012

    This is the sort of thing that should be taught in beginners’ computing classes, and I don’t just mean in school, I mean in adult education instead. My aunt’s been to one of those classes and it seems all they teach you is how to use Word.

  6. Joana Dumas · October 26, 2012

    I had paypal for a long time. A “real” paypal email starts off with “Dear (your name) not User. It’s so crazy how people scam people online just to get money. Its best to check the link if the site doesn’t seem real or type the direct site on the web address to see if there are any messages or even give them a call to see if they actually sent that email.

  7. Nick M · November 27, 2012

    2 seconds….I didn’t even get past the subject before thinking SPAM!!!! I feel sorry for the millions of fools that are taken in by the third grade literacy that most of these emails are composed of.

Leave A Reply