Some PayPal users have received emails informing them that they have won €500 that just needs to be retrieved by logging into their account. However, there is no cash as the email was sent by mistake.
While many people would assume the email is a phishing attempt designed to get them to click a link that will harvest their precious username and password information, in this case they’d be wrong, although phishing scams and highly-visible payment processors like PayPal go hand-in-hand.
Indeed, on this occasion the email had been sent in error, PayPal Germany’s Facebook page has confirmed.
“Unfortunately, this e-mail has been sent due to a technical error. For this we apologize. The draw has not yet taken place. We just identify the transactions of our customers who are eligible. Then it will be our raffle among the eligible customers and the winners will be notified in a separate e-mail,” [Bing Translation] a company spokesperson wrote.
Some PayPal users began reporting on Twitter on Friday morning that they had received the email (in German) telling them they had won a €500 prize. A Google translation of the message is below:
“Congratulations, you are one of the lucky winners! Look at the same time in your PayPal account after, because there we have you credited the 500 euros. You can redeem your earnings immediately. By the way, we still have many more great ideas to make your summer even better,” it said.
Upon logging into their account, users, such as Vidar Andersen, disappointingly found that there was in fact no €500 waiting for them.
— Vidar Andersen (@blacktar) June 7, 2013
Fanning the flames of confusion around whether it was an error on PayPal’s part or the actions of a fraudster was the fact that there is an official PayPal competition in Germany that is currently handing out €500 to 10 people each day, providing they have used the service to pay for something in the same week.
As the news began to hit Twitter, many users assumed it was, and reported it as, a phishing attempt.
However, Google+ user and German software designer Tim Weber also received the email and quickly spotted that while it contains SPF fails (Sender Policy Framework – essentially a way to prevent spam and spoofing) all the links seem to point to legitimate addresses and the email appeared to contain no phishing links. He also noted that it was sent to his correct email address, using the correct name, and as a result decided he was “99 percent sure this isn’t a phishing email”. It seems he was correct.