From PayPal?

Hey guys,

Over the past couple of months I've gotten a few emails, purportedly from PayPal, asking me to update my account information. When I clicked on the link provided, it sent me to, what looked like, an official PayPal page. This page appears as a form asking for information, such as my email, name, bank account and credit card numbers, etc. This email also warned that my accounts would be cancelled, if the information was not updated within 24 hours.

After reviewing the form, I remembered another email that I received from PayPal telling me that I would never be asked for the above information, so I called PayPal. I was told that PayPal is NOT sending out such emails.

Just a heads up.

Thanks, most my emails are scam/crap every now and then I get a really sharp one that stands out.
Topper /ubbthreads/images/graemlins/smile.gif

I have seen this email before. It truly looks perfect. Unfortunatly, some people arent smart enough to think about what they are about to give out, and next thing you know, all your money is gone.
I wish this crap was more catchable by authorities.

Cameron

Yeah I found out that a real e-mail from Paypal will ALWAYS address you by your real name (rather than "Dear valued Paypal Member" or somesuch BS), so that helps tip me off. Also, although the link shown in the fake e-mail begins with https (with "S" signifying a secure site), when you click on that link you usually wind up at a site that does NOT have the "S" at the end...hmmm...

That sort of scam is common. It is called Phishing.

One sure way to defeat it is that you should never follow a link in an email that is requesting information or an update. If you are really unsure if it could be a real request, just open a new browser window and type in www.paypal.com or the correct address for whatever service you think you need to update. That way you will not be taken to the fake site. There are more tipoffs listed at Paypal's website.

I got this yesterday too and this one was real slick! It has www.paypal.com/xxxxxxxxxx and it is addressed to my correct name which was always the first clue before. I just went to paypal.com as I figured if there was any issue, after logging in, I would receive notification. This particular E-mail looks way too legit!! /ubbthreads/images/graemlins/frown.gif

This holds true for ANY company, service, bank, credit card company, etc. NEVER click on the link in the email no matter how official or perfect it looks. Always start up a new browser and go the the company's official website.

Another side affect beyond phishing is some pages they want you to go to instead of just capturing passwords entered into a box,etc it will attempt to install keyloggers or trojans to grab all sorts of info beyond just a paypal account.

I've gotten the ones from Banks I don't even do business with. Gotta watch out.

I keep getting emails from somebody claiming to be ebay, saying that my account has been suspended and I need to update my billing information immediately. If my web browser hadn't been not working at the time, I probably would have done it with the bad link they sent. Instead I sent an email to ebay demanding to know why my account had been suspended, and they told me it was just a scam. Now I keep getting the same email over and over. /ubbthreads/images/graemlins/rolleyes.gif

McGizmo,

That site is scary good!

Looks like a perfect copy, did you forward it to PayPal?

Bill

Here's a trick -- pass the computer cursor over the link, and wait a second or two. The actual IP address should show up in a tiny box. However, be careful, since some spoofers and phishing sites will look very, very similar to the real site.

As stated above, when in doubt, call the company.

Not only did I get this bogus message from PayPal yesterday, I received a similar one from E-Bay asking the same type of info today.

There is a simple program you can run that shows the actual web address of the site you are surfing. It is intended to fight this kind of thing, but the problem is I can't remember the name of it. If you search TheScreenSavers.com you should be able to find it.

Law Enforcement is getting a lot better better at catching these folks. I got an email the other day from "Paypal", and being on a non-Windows OS, I'm pretty safe as far as virii and keylogger nonsense. I opened the link and *someone* had already shut down the phishing site.

Nice job, whoever took care of this /ubbthreads/images/graemlins/smile.gif

McGizmo,
Are you telling me the link you gave us, "/xxxxxxx" isnt real?
Everything seems to be checking out ok. I havent logged in, but my login program that automatically fills in stuff like that works for it. If it were fake, I dont think it would work would it? That one has to be real.

Cameron

There is one thing the phishers haven't gotten to yet - and that's SSL.

SSL provides both encryption (so people cannot read it in transit) and authentication - proof that the site is genuine.

In Internet Explorer you will see the padlock icon. You should not receive ANY warnings about certificates. If you receive such a warning you can be almost certain that something is wrong. You can also click on the padlock icon, found in the lower right hand part of your browser, to see who the certificate was issued to. If there is no padlock, the site is not secure/authenticated. Make sure there is the lock before you key in any info.

In Mozilla Firefox, the address bar will also turn yellow.

One of the bank phishing scams links to the genuine bank site (correct web address, genuine bank page etc). However, when you click the link in the scam email, after the genuine bank site opens, a fake pop-up opens asking for banking details. The pop up has the bank logo and as there is no web address in it, it is difficult to tell that it is not actually coming from the genuine bank site.
This is a good one but it was obviously a scam to me because I don't bank with them (and it had 'to our valued customer' rather than my name on it).

Bobisulous, I would be very careful what programs you have that automatically fill in passwords and login info. If any trojans get in, they will head straight for the password logs. Anything these days could be a scam and it's worth double/triple checking everything (a few years ago, phishers were hijacking IP routing and redirecting people to their sites, even when you would type the actual address into the address line!)

KevinL, I have seen phishers who use an image of the padlock in their fake sites. As you said, people should double-click to ensure the padlock is real, and re-read the address in the address bar before entering any personal details. I'm not overly diligent with logging onto forums or disposable email, but am overly cautious when logging into my bank details. I also have several levels of passwords for different sites (lower level passwords are used for multiple logins, so I don't forget and because if one is hacked it's not a critical problem, and individual, separate passwords for banking, Paypal and the like). I also never use login assistant programs or 'remember my password' check boxes, to ensure there are no log files in my computer that have these details.

Hope this wasn't an obsolete ramble,

Dave.

Yup. Double click the padlock and make sure the window that pops up is generated by your computer.

On the other hand, it is surprisingly easy to fool people - even those who should honestly know better.

I was giving a briefing today and since I was unable to get a screen capture of a tooltip, I drew an example myself in Powerpoint (rather crudely too).

A number of people very helpfully pointed out that "your laptop has something popping up".. /ubbthreads/images/graemlins/ohgeez.gif (not realizing it was part of the presentation, badly drawn as it was..and the best part - these *ARE* IT folks!)

/ubbthreads/images/graemlins/blush.gif Hey guys,
I couldn't remember the rest of the URL so I just typed in some x's! /ubbthreads/images/graemlins/icon15.gif I didn't mean to actually provide a link!! /ubbthreads/images/graemlins/crackup.gif Amazing that it works! /ubbthreads/images/graemlins/grin.gif

The link I was provided started out with paypal.com and then had some other subdirectories or cgi bin info. I did go to the link in a browser window and the page that displayed did look completely legit. I forwarded the e-mail to paypal and did receive a response stating that it was bogus. The wording on the web page was just too threatening to ring true but had the text been of a more reasonable tone, I could see someone buying into the legitimacy!