It’s a phishing email! Here’s how we can tell and the theory behind our reasoning.
Legitimate companies will own their own domain and will only send emails from that domain. If you see an email coming from someone that ends in “@gmail.com” claiming to be a well-known company, chances are, it’s a phishing email. Not even Google will send emails ending in “@gmail.com.”
Instead, it is most common for a legitimate company to use the company name as their domain. For example, PayPal uses the domain, “@paypal.com.” So if you receive an email from someone claiming to be PayPal but they are using a different domain, it is probably a phishing message.
You’ll notice in the example below that the sender address ends in “@notice-access-273.com.” This should automatically be setting off red flags in the recipient’s mind that this email is not safe and not actually from PayPal.
PayPal advises if you are not sure whether a PayPal email is legitimate or not, do not click anywhere in the email. Instead, they advise that you go to PayPal.com and log in. They say if there is actually an urgent message for you, you will see it there. You can find more information from PayPal here.
If you get an email from someone claiming to be from a company but you aren’t sure what domain their email should be coming from, you can usually find this information by doing a simple web search.