As the offered link can be seen leading to a legitimate PayPal account, users might feel safe following it.
Still, the account in question seemingly does not belong to the American Red Cross, but to the owner of the firstname.lastname@example.org email address and account.
"Other than a short user-supplied bit of text, there is no indication that Thomas March has any connection with the American Red Cross," Barracuda Labs' researchers point out. "While paypal.com is a well known legitimate website, that means nothing when it comes to the destination of monies transferred."
Even though this particular email doesn't dupe users into sharing personal and financial information, we can safely assume that a donation made here will never reach the Red Cross.
In fact, the organization has its own dedicated, HTTPS protected web forms for donations, and this is the only webpage through which online donations should be processed.
"This underscores one of our primary pieces of advice when it comes to email security," say the researchers. "Never follow links in email. The risk that the link is spoofed is just too great."
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.