Jump to content

NEW PAYPAL EMAIL PHISHING SCAM


Recommended Posts

Howdy fellow O-men!

I've appreciated other members giving us the heads-up on Internet scams, so I thought I'd share this one with you. I've received fake emails purportedly from PayPal in the past trying to get me to log in to my account for one reason or another. Usually, the tip-off is when the email begins "Dear PayPal Customer". This morning, however, I got one that had my correct name in the greeting. Here's what followed:

Notification of Limited Account Access

As part of our security measures, we regularly screen activity in the PayPal system. We recently contacted you after noticing an issue on your account.We requested information from you for the following reason:

We recently received a report of unauthorized credit card use associated with this account. As a precaution, we have limited access to your PayPal account in order to protect against future unauthorized transactions.

Case ID Number: PP-830-173-720

In accordance with PayPal's User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to follow our verification procedure as soon as possible to help avoid this.

Click here to login

and restore your account access

Once you log in, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.

This is a final reminder to log in to PayPal as soon as possible.

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Sincerely,

PayPal Account Review Department

PayPal Email ID PP-830-173-720

DO NOT CLICK ON THE LINK to restore your account access! It's a phishing scam that brings you to a fake website masquerading as PayPal, where you will be directed to enter your username and passord. Once they've got there hands on that info, you're toast. Again, I can usually spot these scams immediately, but their use of my name and the professional look of the email (logo, correct font, security warnings along the right margin, etc.) almost made me pull the trigger. Instead, I right-clicked on the body of the email to "View Page Source" and saw that it wasn't from Paypal.

Hope you find this info helpful. I'd hate to see anybody scammed like this. Right now I'm going to email the ambassador of Nigeria, a personal friend of mine, and tell him all about it. ;)

Link to comment
Share on other sites

Obviously they got a native-English speaker to write the email so you have to give them credit for avoiding the grammatical errors. But isn't it Paypal's policy to never send a log-in link and always advise you to type in the URL into a new browser window? So regardless of font or anything else that makes it look "real," any link in a Paypal message is proof that its a phishing scam.

Link to comment
Share on other sites

I got this one too- I never use the provided log-in link on these things. I logged onto my account and saw there were no problems or unauthorized charges, then I emailed Paypal and they confirmed that this was a phishing email. Pretty clever one I must say.

I tend to be fairly paranoid about "business" emails I receive, and it usually pays off.

Link to comment
Share on other sites

Yes, when it concerns sensitive login information, the rule is to always log in yourself and not through a link in an e-mail that you can't know the source of. And as sonnymax said, you can right-click and view the source to see what the real URL is. It doesn't have to be the same as the text that is showing.

To give a harmless example, the link below does not take you to Paypal, but to Amazon. It could have been something much worse.

http://www.paypal.com

Link to comment
Share on other sites

Interesting phishing scam as it closely mimics Paypal's legit practices when they suspect fraud. I recently had a fraudulent charge and before I even realized it Paypal "limited" my account until I could get back to them and verify certain information. When I talked to them, the Paypal rep explained that their system flagged the activity as suspicious; an investigation is ongoing. I'm so far very pleased with Paypal's response and follow up to the situation. Which I'm no doubt certain will disappoint Goodspeak.

Link to comment
Share on other sites

Yes, when it concerns sensitive login information, the rule is to always log in yourself and not through a link in an e-mail that you can't know the source of. And as sonnymax said, you can right-click and view the source to see what the real URL is. It doesn't have to be the same as the text that is showing.

To give a harmless example, the link below does not take you to Paypal, but to Amazon. It could have been something much worse.

http://www.paypal.com

True enough, but for checking URLs an easier approach is to simply hover your mouse over the link. You'll either see a tooltip popup showing what address it will go to or you'll see the address in the status bar at the bottom of the browser or email window.

If the address doesn't match exactly what's printed, or if it's not going where I expect, I move on.

Link to comment
Share on other sites

Whenever you visit the Paypal page through a link (at a store, Ebay, etc), check the address displayed in your browser address bar before entering your login data, to make sure you are on https://www.paypal.com , and not some fake page (which could have an cleverly made address to mistake the user, like

http://paypal.com:account@phishingsite.net

In this case, phishingsite. net is the domain, not paypal.com

Edited by Claude
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...