I received an . . . ahem . . . interesting email message in my Gmail inbox this morning, thanking me for my PayPal transaction of $579 for two years of antivirus software that was being shipped to me UPS priority overnight.

It was so painfully full of red flags indicating that it was a phishing scam out to steal my money that I thought it interesting that Gmail didn’t catch it and prevent it from reaching my inbox at all. So I decided to investigate a bit.

Now, there are a few ways that cybercrooks attempt to hook people via emails such as these—some are a bit more straightforward than others.

The first is to send you a “poisoned attachment” and convince you to run it. It may look like a document but actually be a program in disguise. Once you run it, it installs malware or ransomware on your computer.