Warning!!! Paypal phishing.......

Steven65

WARNING

I received this e-mail last night.......

Dear PayPal customer,

During our regularly scheduled account maintenance and
verification procedure we have detected a slight error in your
billing information.
This might be due to the following reasons:
1.A recent change in your personal information (ie. change of
address, email address)
2.An inability to accurately verify your selected option of
payment due to an internal error within our systems.

Please verify your information. To do this we have attached a
form to this email. Please download the form and follow the
instructions on your screen.
NOTE: The form needs to be opened in a modern browser which has
javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3,
Opera 9)

We are requesting this information to verify and protect your
identity. This is in order to prevent the illegal activity of
PayPal accounts.

Please do not reply to this email.

We apologize for any inconvenience this may have
caused.Sincerely, PayPal security team.

PayPal Email ID PP836


When I opened the attachment there was a PayPal style form asking for all my bank details, cc details, billing address, pin numbers etc....

No login request, the links on the page are dummies, but they had my full name and obviously knew I was a PP customer.

I forwarded it to PayPal security but since I use my PayPal account almost exclusively for buying knives I felt that a warning to all BF members was in order.

Please be vigilant
Steven
 
These are fairly common. If you are not addressed by name or are asked for personal information, it is a scam.
 
One very easy way to avoid a phishing site is to simply type in the url yourself or rely on your own established shortcut to get to the site. Relying on a hyperlink or attachment from anyone you don't personally know and trust will probably come back to bite you sooner or later. Of course, keep in mind that there are some viruses that--say for example--your friend might get that will go in and send a bad e-mail to everyone on his contact list, which now looks to you like an e-mail coming from your friend. My rule of thumb is this: when in doubt, just delete without even opening it. And I can't recall the last time somebody complained that I didn't get their e-mail.
 
These are fairly common. If you are not addressed by name or are asked for personal information, it is a scam.

I used to get a LOT of these, I kept reporting them all....
Now I hardly get any. - :thumbup:


Please remember these steps to help protect your PayPal account from
Unauthorized Account Access.

Emails - Make sure they are sent from PayPal

1. If you receive an email and are unsure whether it is from PayPal,
open a new web browser (e.g., Internet Explorer or Netscape) and type in
the following: https://www.paypal.com/ Don't click on any link in an email
which seems suspicious to you.

2. Some spoof websites will send emails that pretend to come from
PayPal to entice you to log in at the spoof URL. Be extremely cautious of
emails that direct you to a website that asks for sensitive information.

3. Stay safe; don't respond to emails asking for any of the following:

· Your password and email address combination
· Credit card numbers
· Bank account numbers
· Social security numbers
· Drivers license number
· First and Last Names

If you have surrendered financial or password information to a suspicious
email or website, promptly report this to the issuing institution as well
as change your password and security answers on your PayPal account. This
can be completed in the Profile section of your account.

Email Greeting -

· PayPal will never send you an email with the greeting "Dear PayPal
User" or "Dear PayPal Member". Emails initiated by PayPal will address you
by your first and last name, or the business name associated with your
PayPal account.

· Please note that the automatic response you get from us may not
address you by name.

Always log into the PayPal site

· PayPal will only ask for information AFTER you have securely logged
in.

· For your security, PayPal will never ask you to re-enter your full
bank account, credit, or debit card number without providing you at least
the LAST TWO DIGITS of the number. These digits let you know that we
already know the full number and are asking you for the rest of it. Beware
of any website or email asking for these numbers for "verification" that
does not PROVE that it knows the number by providing at least the last two
digits

· Use Account Guard on the eBay toolbar. If you use Internet Explorer,
download the eBay toolbar. Account Guard helps ensure you are on PayPal or
eBay

Website pages - make sure that they are hosted by PayPal

1. When using the PayPal service, always ensure that the URL address
listed at the top of the browser is
https://www.paypal.com/ The 's' ensures that the website is secure. Even if
the URL contains the word 'PayPal', it may not be a PayPal webpage.

2. Look for the 'lock' symbol that appears in the lower right hand
corner of the browser. This symbol indicates that it is a secure site.

Do not download attachments, software updates, or any application to your
computer via a link you received in an email. PayPal will never send you an
attachment or software update to install on your computer.

Passwords - keep it on PayPal

1. Use a unique password for the PayPal account and change it every
30-60 days.
2. The password should be one that is not used on any other site,
service, or login.

If you think you have received a fraudulent email, forward the entire
email, including the header information to spoof@paypal.com and then delete
the email from your mailbox. Never click any links or attachments in a
suspicious email.


TA



 
When I get bored and receive one of these, I spend a couple minutes giving them tons of bogus information.

First Name: Bud
Last Name: Weiser
Email Address: bud@nunyabusiness.com
etc. etc.

That way when they try to use the information it will raise red flags and get them sniffed out quicker.
 
Just an added note of caution
Many times those "attached forms" are spyware (or a virus/trojan).
Never open forms, attachments etc. from anyone unless
you have requested it (or know the person)
Since you have looked at the form,
I would run a scan of my computer ASAP.
Here is a free GOOD online scanner.
http://housecall.trendmicro.com/
but I am sure there are others.
Virus and malware are 2 different things and you should
have some type of protection for each.
Sad world we live in these days...
 
ANY email that claims I have to go to a site for updated info is bogus. I've yet to have a real one. You update on your own when it doesn't work. :thumbup: ;)

Banks, PayPal, eBay, Matchmaking sites, Undelivered packages from UPS/DHL/Fedex (it changes daily), Pyramid emails that have a 'slap on the back' feel with "Hey mate" as a greeting, Fake watches, Drugs, Viagra, Schlong enhancement--it goes on endlessly.

I have an email address that is scattered all over the web. So, I get probably 100+ emails a day. 60% of them go straight into my SPAM box, but I drag the others in there all the time.

Spoofs like the one above never get a chance. Now YOU know! :)

Coop
 
Open a free email account and don't use it. Monitor it and you'll see all the different phishing schemes.

It's a good way to get an overview of what's going on without risking anything that you use.
 
I do not have any PayPal hoaxes to look at, but another way to tell is to view your options (depending on your email client). Mine is Google, so I click on a down-arrow next to the "reply" option and select "Show Original", or you might see View Header in your options.

If you still have the phoney, try it out or look at any of the crap in your spam box. It will look like "legit.com" in the HTML, but underneath it looks like "crap.com"

Here is a good Paypal:

Received-SPF: pass (google.com: domain of payment@paypal.com designates 216.113.188.112 as permitted sender) client-ip=216.113.188.112;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of payment@paypal.com designates 216.113.188.112 as permitted sender) smtp.mail=payment@paypal.com; dkim=pass header.i=service@paypal.com
DomainKey-Signature: s=dkim; d=paypal.com; c=nofws; q=dns;

The PayPal domain will show throughout the text view of the eMail header and you'll see various checks from the email provider that expose the real domain. If it were a phoney; even though it APPEARS to be from PayPal, it might look like this in the exposed view:

Received-SPF: pass (google.com: domain of payment@I-StealYourMoney.com designates 216.113.188.112 as permitted sender) client-ip=216.113.188.112;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of payment@I-StealYourMoney.com designates 216.113.188.112 as permitted sender) smtp.mail=payment@I-StealYourMoney.com; dkim=pass header.i=service@
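
The header check described in the post above, as an added example that is not part of the original thread: `spf=pass` and `dkim=pass` only count when the domain they passed for is the brand's own, and only when the result was stamped by your own mail provider. The two sample messages are constructed, and the trusted server id `mx.google.com` is an assumption taken from the headers quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(addr):
    """Lower-cased domain part of an address such as service@paypal.com."""
    return addr.rsplit("@", 1)[-1].strip().lower() if "@" in addr else ""

def aligned(domain, expected):
    """True if domain is the expected domain or one of its subdomains."""
    return domain == expected or domain.endswith("." + expected)

def field(pattern, text):
    """First capture group of pattern in text, or an empty string."""
    m = re.search(pattern, text, re.I)
    return m.group(1) if m else ""

def check_message(raw, expected, trusted="mx.google.com"):
    """Return the reasons a raw message fails to authenticate as `expected`."""
    msg = message_from_string(raw)
    reasons = []
    if not aligned(domain_of(parseaddr(msg.get("From", ""))[1]), expected):
        reasons.append("From domain is not " + expected)
    # Only trust results stamped by our own receiving server (assumed id);
    # a sender can put any Authentication-Results header in the message.
    ars = [h for h in msg.get_all("Authentication-Results", [])
           if h.split(";")[0].strip().lower() == trusted]
    if not ars:
        return reasons + ["no Authentication-Results from " + trusted]
    ar = ars[0]
    spf_ok = (field(r"\bspf=(\w+)", ar).lower() == "pass" and
              aligned(domain_of(field(r"smtp\.mail(?:from)?=([^\s;]+)", ar)), expected))
    dkim_ok = (field(r"\bdkim=(\w+)", ar).lower() == "pass" and
               aligned(domain_of(field(r"header\.i=([^\s;]+)", ar)), expected))
    if not (spf_ok or dkim_ok):
        reasons.append("neither SPF nor DKIM passed for " + expected)
    return reasons

# Constructed sample messages: same visible From, different authenticated domain.
GOOD = ("From: PayPal <service@paypal.com>\n"
        "Authentication-Results: mx.google.com; spf=pass smtp.mail=payment@paypal.com; "
        "dkim=pass header.i=service@paypal.com\n\nbody\n")
PHISH = ("From: PayPal <service@paypal.com>\n"
         "Authentication-Results: mx.google.com; spf=pass "
         "smtp.mail=payment@I-StealYourMoney.com; "
         "dkim=pass header.i=service@I-StealYourMoney.com\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("PHISH", PHISH)):
        print(name, check_message(raw, "paypal.com") or "consistent with paypal.com")
```
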
 
Never open email attachments unless you're expecting it. Never respond to spam even if trying to be funny, it just verifies your address is active.
Send all Ebay/Paypal suspect emails to spoof@paypal dot com or spoof@ebay dot com. If you have important messages from Ebay, it'll be in your messages after you log in your account. Never log into anything you do online thru an email link.
Common sense stuff.
 
I received a very similar email that asked me to log in to paypal just click the link. I did and within two days they took $35 out of my account. I notified paypal and they put the money back. Lesson learned... never log in somewhere through a link provided in an email.
 