Yet another PayPal Phishing Scam

This one tells you to confirm your email address.

Did you get an email message from PayPal today? One asking you to confirm your email address?

I did. In fact, I got two — to two different email addresses, neither of which has ever been used for PayPal.

But that’s not what tipped me off to this being a scam. It was simple: I looked at the links before clicking them and saw that they led to a site that wasn’t PayPal.

[Image: Another PayPal Scam] In Mac OS, you can point to a link to see its URL. Also note the sender email address — clearly not PayPal.

I admit that this one looks pretty convincing. They got the graphics all right and there are no obvious typos. But there is one clue in the body of the message that should raise red flags: they didn’t use my name anywhere in the message. PayPal (and my bank and other organizations in which I hold accounts) have my name and should use it on all communications, automated or not.

But of course I’d never click a link in an email message from an organization in which I have an account, would I? Would you? I hope not!

If you get an email message like this, purportedly from PayPal, that asks you to “Confirm your new email address,” either mark it as spam or just throw it out. Don’t click any links in it. In fact, if at all possible, don’t even open it at all.

Yet Another PayPal Phishing Attempt

This one looks, on the surface, quite convincing.

This morning, I got the following message that appeared to be from PayPal in my inbox:

Dear PayPal Customer,

You have added andrew1987 @btconnect.com as a new email address for your Paypal account.

If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.

NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)

Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

If you choose to ignore our request, you leave us no choice but to temporary suspend your account.

Sincerely, PayPal Account Review Department.

As shown in the accompanying screenshot, the message included all the usual PayPal logos and even a VeriSign Identity Protection logo. (What good is a logo like that if it’s so easily stolen and reused by scammers?) Of course, it was from an address at ppal.com (not paypal.com) and it was addressed to “Dear PayPal Customer” instead of my name. That’s a dead giveaway that the message is not real.

Of course, there was an HTML file attached. Opening the file in a text editor — not a Web browser! — showed HTML code with a JavaScript that would, among other things, collect your PayPal name, password, date of birth, and mother’s maiden name. I don’t know enough about JavaScript to figure out what would be done with this info, but I can assume it gets sent back to the folks who will then use it for identity theft.

Reading the message offers other clues that it’s fake. For example, although it’s standard for PayPal to send you an e-mail message if you add or change an e-mail account, they make a conflicting request. First, they say action is only necessary if you believe your account has been compromised. Then they tell you that if you ignore the request, they’ll suspend your account. That, of course, makes no sense.
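
The clues described in these posts (a sender domain other than paypal.com, a generic greeting, links that lead to a non-PayPal host, an HTML attachment carrying a form or script) can be checked mechanically before anything is opened in a browser. The Python below is an added example, not part of the original post; the sample message, the `service@` local part, the `example.net` host and the `form.html` file name are constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

CLAIMED_DOMAIN = "paypal.com"  # organisation the message claims to come from
GENERIC_GREETINGS = ("dear paypal customer", "dear customer")

class HtmlScan(HTMLParser):
    """Record link targets and whether the HTML carries a form or script."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.active = [], False
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)
        self.active = self.active or tag in ("form", "script")

def in_domain(host, domain=CLAIMED_DOMAIN):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)  # exact or subdomain

def phishing_clues(msg):
    """Return the clues named in the post that appear in an EmailMessage."""
    sender = msg["From"].addresses[0].domain
    clues = [] if in_domain(sender) else ["sender-domain:" + sender]
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and non-text parts
        text, name = part.get_content(), part.get_filename()
        greeted = any(g in text.lower() for g in GENERIC_GREETINGS)
        if name is None and greeted and "generic-greeting" not in clues:
            clues.append("generic-greeting")
        if part.get_content_subtype() == "html":
            scan = HtmlScan()
            scan.feed(text)
            hosts = [urlparse(h).hostname for h in scan.hrefs]
            clues += ["link-host:%s" % h for h in hosts if not in_domain(h)]
            if name and scan.active:  # named HTML file that collects input
                clues.append("html-attachment:" + name)
    return clues

def sample_message():  # constructed, modelled on the message quoted above
    m = EmailMessage()
    m["From"] = "PayPal <service@ppal.com>"
    m.set_content("Dear PayPal Customer,\nSubmit the form attached to your email.")
    m.add_alternative('<a href="http://paypal.com.example.net/">Confirm</a>', subtype="html")
    m.add_attachment('<form><input name="password"></form>',
                     subtype="html", filename="form.html")
    return m
```

Note that the link check compares the host's registered suffix rather than searching for the string "paypal.com", so a host such as `paypal.com.example.net` is still flagged.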

But I’m sure that many people would fall for this. After all, it indicates that a stranger’s email has been added to their PayPal account. All the talk about Internet fraud would send a person into panic mode. He’d open the file attachment and possibly go through the process of giving away information about his own account.

You have no idea how much this pisses me off. I know people who have been scammed by emails like this. One of them is an elderly man who had a bank account tapped into and partially drained before he was able to resolve the problem.

I immediately forwarded this message to spoofs@paypal.com — the address you should forward any questionable PayPal communication to.

Please help spread the word among friends and family members who might fall for phishing attempts like this. Tell them that if they get a communication from any company they do business with, they should log into their account the usual way, not by clicking a link or opening a file attachment in the message they receive.

September 3, 2011 Update:

Thought I’d mention another version of this scam. Here’s the message that arrived today:

Dear Customer,

You sent a payment of 40.90 GBP to Mobile Top-up Online
(sales@topups247.com)

If you have questions about the shipping and tracking of your
purchased item or service, please contact the seller.

Please download the document attached to this
email to cancel or forward your purchase.
————————-

Merchant
Mobile Top-up Online
sales@topups247.com
Instructions to merchant
You haven’t entered any instructions.

Shipping address – Unconfirmed
United Kingdom
Postage details

Of course, this one came with an HTML attachment, too. It’s named “PayPal Refund.html” and, to someone who isn’t actually thinking, it might seem like something worth double-clicking to fix the perceived incorrect charge.

Don’t get scammed.

November 21, 2011 Update: They’re now doing the same thing with the name sarah@comcast.com.