# Fraudulent PayPal e-mail



## Kreth (Mar 24, 2005)

Occasionally I skim through my bulk e-mail folder on my Yahoo account, just to be sure that the spam filters haven't incorrectly marked any valid e-mails as spam. Today, I found an e-mail from "PayPal" indicating that my account had been randomly flagged as a security precaution, and that I needed to log in to verify my account. However, the link listed in the e-mail leads to this site (Note: DO NOT log in at this link!). The actual PayPal login is located here. The first link is a fake website. If you log in at this site, you are basically donating the contents of your PayPal account to some scumbag.
Have some fun with it. Personally, I logged in with the e-mail address nicetry@spammer.com and an obscene password incorporating a commonly used Anglo-Saxon word for sexual congress and the wish that the scumbag in charge of the site would soon expire. If enough people taint the scammers' database with fake passwords, they'll be forced to trash the whole thing...
BTW, no matter how you log in, your login will fail with a message that your e-mail address is not in their database.
The moral of this post: e-mails requesting a login for "verification purposes" are generally fake and used to scam the unsuspecting out of their login information. Always verify that the site you're visiting is the authentic one.

Jeff


----------



## arnisador (Mar 24, 2005)

Got the same one today. Sheesh! They're getting better at making these look official--this one was a good forgery.


----------



## Ping898 (Mar 24, 2005)

Got to be careful with these though cause a lot of the sites also have an underlying malcode that is auto downloaded just by visiting the site.


----------



## arnisador (Mar 25, 2005)

I received it on my Unix box at work.


----------



## Ceicei (Mar 25, 2005)

Pay attention to the headers of these emails. If the headers show anything unusual (such as an IP address) that doesn't match the actual website location, chances are that it is fake or a scam. These emails often borrow the actual webpage to lend an authentic appearance but just change the links to redirect the requested information.

 I got one from Paypal also a few weeks ago. Just recently, I got a similar email, but this time, it was supposedly from eBay requesting for "account verification to prevent suspension". It looks very authentic, but the way it was worded made me very suspicious. 

 My husband is a computer technician and he taught me to look closely at headers, use "whois" and if necessary, have him check out IP addresses to see if they match. When in doubt, can always call the legitimate company directly. 

 Most of the time, whenever I see one of these that make unsolicited inquiries about any sort of accounts by email, I just toss it in my trash and not bother any more about it. Plain junk....

- Ceicei


----------



## James Kovacich (Mar 25, 2005)

I get those quite a bit. They take my email from my website and try to trick me. But my site's email has no connection to my PayPal usage.

That's how I caught on to them.


----------



## arnisador (Mar 25, 2005)

Yeah, that's the trick. I register for these with my HotMail address, so anything I get at my actual address(es) is clearly spam.


----------



## Seig (Mar 26, 2005)

What I did when I got that was ignore the link and go directly to the site.


----------



## Cthulhu (Mar 26, 2005)

This is a scam called 'phishing', where naughty people pretend to be financial institutions or whatnot and send out e-mails warning their customers of 'security' issues.  Some of them actually warn the customers about the very scam they're trying to pull.  

It's really bad if you use Internet Explorer, because there is supposedly some way they can spoof the URL in the address bar so it looks like you're logging onto a legitimate site, but the actual IP is to a bogus site.

 Just keep in mind (and spread the word) that no bank or other such financial institution/business would EVER require you to do that.  If anything, they would have you call them for account maintenance like that so they could verify you as the actual card/account holder before changing any information.  Furthermore, most if not all of these businesses would not actually store your password on file, so if you lost it, they would just reset the password and e-mail it to you or something.

 A LOT of elderly people seem to fall for this because they simply do not know that those e-mails are not legitimate practice.  If you know people who frequent the Internet but are not hip to the various fraud practices out there, be sure to let them know NOT to answer any e-mail like that.

 Cthulhu


----------



## arnisador (Mar 26, 2005)

Seig said:

> What I did when I got that was ignore the link and go directly to the site.

I felt safe because I was on a Unix machine (and at work, so it'd be someone else's job to fix it anyway!) but otherwise I'd say the same.


----------



## ed-swckf (Mar 26, 2005)

Ping898 said:

> Got to be careful with these though cause a lot of the sites also have an underlying malcode that is auto downloaded just by visiting the site.


People have gone to the site and picked up JS:Trojan.blinder as I am aware.


----------



## Dronak (Apr 6, 2005)

For me personally, there's no issue here -- I don't have a PayPal account, so almost any e-mail I get claiming to be from PayPal is going to be a forgery.  I do have to watch sometimes for eBay e-mails though; I do have an account with them and still get some fake mails claiming to be from them.  But Yahoo's filters are pretty good.  With the exceptions of a few mailing lists I haven't (or forgot to) clear, I think everything that's gone to the bulk folder has been spam.  What I'm a little surprised at is that they still haven't quite gotten the hang of filtering out those Nigerian scams, the ones where some lawyer claims there's like tens of millions of dollars available to the next-of-kin of a dead person and if you help them liberate the money (because there is no legitimate next-of-kin), you'll get some percentage of the money that usually still amounts to millions.  A lot of them have been making their way to my inbox and I keep reporting them to Yahoo as spam.  They'll figure it out eventually, I guess.


----------



## Pale Rider (May 8, 2005)

Here is one from a "fake":

*Dear PayPal Member,*

Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have access and use of your PayPal account and to ensure a safe PayPal experience. We require all flagged accounts to verify their information on file with us. To verify your Information at this time, please visit our secure server webform by clicking the hyperlink below

Here is one from PayPal:

*Dear Bill Richards,*

*Welcome to PayPal,* the easy and affordable way to accept credit card payments online. If you're unfamiliar with PayPal, you probably have questions about the service and the best ways to use it for your business. We've created a document to help.

If you notice, the fakes will only say "Dear PayPal Member".

Make sure that any emails sent to you from PayPal actually say "Your Name".
If you have any doubts then go straight to their login page and DO NOT click on any links sent to your emails.

I sent PayPal an email asking them about that and that is exactly what they told me. The fake ones will say 99% of the time - Dear PayPal Member...and PayPal doesn't.

I hope this helps


----------



## Andy Cap (May 8, 2005)

In the end, if you are concerned that an email from PayPal, eBay, Hotmail, credit card, etc. is false, then log onto their site not using any links from the email. In other words, if I get an email from eBay and I am at all concerned that it may be a legit email, I open up Firefox and go to ebay.com and log into my account and see if they left me any messages there.


----------



## Andrew Green (May 8, 2005)

arnisador said:

> I felt safe because I was on a Unix machine (and at work, so it'd be someone else's job to fix it anyway!) but otherwise I'd say the same.


 
Being on a Unix system doesn't in any way protect you from phishing scams, it "should" protect you from Trojans though as none target it (yet).

One of the most common ways of doing bad things to people online is getting them to do something that "feels safe"....

My boss actually almost fell for a phishing scam a little while back. After explaining what it was I then proceeded to class where I was giving a test. Coincidentally there was a question on phishing scams.

Anyways, no financial institution is ever going to send you an e-mail asking you to enter your account info. They are all well aware of phishing scams and how common they are; for that reason most have a policy that they will not contact you through e-mail asking for such info.

Spoofing an e-mail address is not hard to do. Hell, they can even make it look like you are on the actual site based on first glance at your address bar...

Here's one simple trick:

www.paypal.com/login?_some important looking info_*@*_real address_

The real address is of course well outside the visible section on your address bar, and everything before the "@" gets ignored as a username.

Firefox "should" give you a warning if you go to a site with a "@" in the address, not sure about IE.


----------
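Added example, not part of any post in this thread: a check for the "@" trick and the raw-IP links described above, using the standard `URL` parser that ships with browsers and Node.js. The function name `inspectLink`, its `expectedDomain` parameter and every sample link are assumptions made for illustration; `evil.example` and `192.0.2.10` are reserved documentation placeholders. The third sample shows that an "@" appearing after the first "/" or "?" is only query text and does not change the host.

```javascript
// Added example (not from the thread). Constructed sample links only.
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Parse a link the way a browser does and report where it really goes.
function inspectLink(href, expectedDomain) {
  let url;
  try {
    url = new URL(href);
  } catch (err) {
    return { host: null, reasons: ["unparseable URL"] };
  }
  const host = url.hostname.toLowerCase();
  const reasons = [];

  // Anything between "//" and "@" is a username, not the site name.
  if (url.username || url.password) {
    reasons.push(`userinfo "${url.username}" precedes the real host`);
  }
  // A bare IP address instead of a registered name.
  if (IPV4.test(host)) {
    reasons.push("host is a raw IP address");
  }
  // The host must be the expected domain or one of its subdomains.
  const expected = expectedDomain.toLowerCase();
  if (host !== expected && !host.endsWith("." + expected)) {
    reasons.push(`host is not under ${expected}`);
  }
  return { host, reasons };
}

// Constructed samples: genuine form, "@" trick, harmless "@" in query, raw IP.
const samples = [
  "https://www.paypal.com/login",
  "http://www.paypal.com@evil.example/login",
  "http://www.paypal.com/login?ref=a@evil.example",
  "http://192.0.2.10/paypal/login",
];
for (const s of samples) {
  const r = inspectLink(s, "paypal.com");
  console.log(s, "->", r.host, r.reasons.length ? r.reasons : "ok");
}
```
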



## evenflow1121 (May 8, 2005)

I got that same email a few weeks ago, funny thing was I am not even a PayPal subscriber.


----------

