The bold sender name is free text: anyone can be "PayPal Support". A six-check, one-minute routine for finding out who really sent that email, and where IP Tracker fits in.
One character separates paypal.com from paypa1.com, and in many fonts you can't see it at all. A plain-English look at the letter-swap trick and how to check for it.
Read paypall.com fast and your brain sees PayPal. How typo domains hide behind skim-reading, and a ten-second letter-by-letter check that breaks the trick.
That link really says paypal.com, and it still isn't PayPal. How scammers bury real brand names inside addresses they own, and the reading habit that spots the trick.
The email claims twenty years of history; the domain was registered on Tuesday. How to check a domain's age, and how to read it without jumping to conclusions.
A domain can look exactly like apple.com and be something else entirely, one letter borrowed from another alphabet. Here's how the invisible lookalike trick works and how to unmask it.
The red warning screen is a strong signal. No warning isn't a clean bill of health. What Google's dangerous-sites list catches, what slips through, and how to layer your checks.