Amex Personal Key Scam

Yet another phishing scam.

Got this one supposedly from American Express today. Pointing to a link in the email message clearly showed that clicking a link would not take me to an American Express website:

American Express Scam

Compare the look of that email message with the top of a real one from Amex:

American Express Legit message

Note that the real one includes my full name and even the last five digits of my credit card number (which I’ve blurred out here). When I point to a link in that message, the URL goes to a page at

Don’t be fooled! If you get a message from a bank or credit card company — or any other organization on which you have an account — go directly to that organization’s website by typing in the URL. Do not click a link in an email message. It may take you somewhere you don’t expect or install software that can infect your computer with malware.

Sales Force Email Scam

Yep. Another one.

Here’s another attempt to get unsuspecting people — in this case, business owners — to open a file that will likely install malware on their computer. This one supposedly comes from and has a ZIP file attachment. It was addressed to my Flying M Air business email address and includes a link to my website. Keep in mind that my business email address is quite generic and could have been guessed by the sender.

The complete message is shown below.

Sales Force Email Scam

Once again I need to remind everyone who might be taken in by emails like this: don’t open any file attachment that you are not expecting, especially if it comes from a person or organization you are not already doing business with.

Picasa Library Photo Scam

Another one. Or two.

Another heads up on a phishing scam. This one comes in the form of an email message from “Picasa Library” or “Picasa Photo” that’s marked Urgent.

Pointing to the button in my email message window (see below) clearly shows that the link doesn’t go to Picasa (a photo sharing site) at all. It’s just another scam — another attempt to get you to go to a site and enter login information or download a virus.

Picasa Email Scam

It was pretty obvious to me that it was a scam, mostly because I don’t use Picasa and certainly don’t have 76 photos on the site. But if you do use Picasa? And had just uploaded a photo? You might be fooled.

Don’t be.

ADP Payroll Invoice Scam

Sloppy work, but I’m sure some people will fall for it.

Have you gotten an email message supposedly from (but really from someone else)? A brief email with the ADP logo and an file attachment?

Don’t open it.

Although I don’t think opening the message will cause any harm, the attachment is likely some sort of virus — or contains one when opened — and that can’t be a good thing.

Here’s what the message I got looks like. Note the From field and the typo in the bold, underlined text.

ADP Scam

I’ve said it before and I’ll say it again: Don’t open attachments you aren’t expecting, especially from organizations you don’t have some sort of email relationship with. Doing so is just plain stupid.

Coincidentally, I worked for ADP at their corporate headquarters back in the 1980s.

Yet another PayPal Phishing Scam

This one tells you to confirm your email address.

Did you get an email message from PayPal today? One asking you to confirm your email address?

I did. In fact, I got two — to two different email addresses, neither of which have ever been used for PayPal.

But that’s not what tipped me off to this being a scam. It was simple: I looked at the links before clicking them and saw that they led to a site that wasn’t PayPal.

Another PayPal Scam
In Mac OS, you can point to a link to see its URL. Also note the sender email address — clearly not PayPal.

I admit that this one looks pretty convincing. They got the graphics all right and there’s no obvious typos. But there is one clue in the body of the message that should raise red flags: they didn’t use my name anywhere in the message. PayPal (and my bank and other organizations in which I hold accounts) have my name and should use it on all communications, automated or not.

But of course I’d never click a link in an email message from an organization in which I have an account, would I? Would you? I hope not!

If you get an email message like this, purportedly from PayPal, that asks you to “Confirm your new email address,” either mark it as spam or just throw it out. Don’t click any links in it. In fact, if at all possible, don’t even open it at all.

Paypal Watch Receipt Scam

This one almost fooled me.

Will the phishing never stop? This email message, which looked remarkably legitimate to me, thanks me for sending $149.49 to a stranger for the purchase of a watch.

Paypal Watch Purchase Scam

I first received it on my iPad, which does not allow me to see where a link points to without clicking it. On my iMac, however, pointing to the link revealed that it went to a php script on a website that was definitely not PayPal.

Remember — if a suspicious email arrives, resist the urge to click a link in it. Instead, go directly to the site purportedly sending the message by typing its URL in your browser’s address bar. In this case, I simply went to, logged into my account, and checked to see if a transaction had really been processed. Of course, it had not. The whole thing was a scam.

American Express Transfer Email Message Scam

Yet another email scam — this one supposedly from American Express.

I don’t even think the bits had even finished uploading on yesterday’s scam report when this one popped into my email inbox for the same email address (which I’m probably going to turn off very shortly):

Amex Scam

Once again, it’s easy for me to recognize this as a scam:

  • Bad email address. My Amex account uses another one.
  • I don’t have an American Express Open account at all.
  • I didn’t do any Amex transfers.

The message was from a noreply address at Bebo Services. All the links point to the same page on the domain. Again, I haven’t tried the links and have no plans to do so.

At this point, if you’re blindly clicking links in any email message you get that looks the least bit suspicious, you probably deserve whatever results.

Be smart. Think before you click.