Paypal Fraudulent E-mails

17 11 2007

I checked my inbox, cleared up some spam and received a scam letter. Now, I regularly get legitimate e-mails from Paypal, so I don’t really think twice about clicking on the links inside.

This time, it was different.

I’ve reproduced the e-mail in it’s entirety in the quote below.

 

Dear PayPal Member,

As part of our security measures, we regularly screen activity in the
PayPal system. We recently contacted you after noticing an issue on your
account.We requested information from you for the following reason:

We recently received a report of unauthorized credit card use
associated with this account. As a precaution, we have limited access to your
PayPal account in order to protect against future unauthorized
transactions.

Case ID Number: PP(from Otakurean?!)

This is a reminder to log in to PayPal as soon as possible.

Be sure to log in securely by opening a new browser window and typing
the PayPal URL. Once you log in, you will be provided with steps to
restore your account access. We appreciate your understanding as we work to
ensure account safety.

Click here to restore your account access.

In accordance with PayPal’s User Agreement, your account access will
remain limited until the issue has been resolved. Unfortunately, if
access to your account remains limited for an extended period of time, it
may result in further limitations or eventual account closure. We
encourage you to log in to your PayPal account as soon as possible to help
avoid this.

To review your account and some or all of the information that PayPal
used to make its decision to limit your account access, please visit the
Resolution Center. If, after reviewing your account information, you
seek further clarification regarding your account access, please contact
PayPal by visiting the Help Center and clicking “Contact Us”.

We thank you for your prompt attention to this matter. Please
understand that this is a security measure intended to help protect you and your
account. We apologize for any inconvenience.

Sincerely,
PayPal Account Review Department
——————————
———————————-

PayPal Email ID

——————————————————————

The entire e-mail reads like a formal letter which PayPal would write, even with the parts about password safety and verification of the URL.

But what got to me first was the part about unauthorized credit card use associated with this account, since I don’t use credits cards with my Paypal account at all.

Second warning alarm was the Case ID. So far, for the past few years I’ve been using the service, I have never heard of any cases whereby Paypal staff would send Case IDs in other to resolve any issues with accounts.

Thirdly, when I clicked onto the link provided in the e-mail, it lead to the old version of the PayPal homepage with a URL from some free webhoster. Thank heavens Paypal changed the homepage(and made a lot of noise in the process), and that urls can’t be masked, or I would probably have been sunk.

Even if I didn’t input any info and was using Firefox with Noscript, I still fired up AVG Antivirus(you can get it here) straight away in case any malicious code was in the website.

Ah well, still a lesson learnt.

BN: Changed the tagline, since it sounded too much like something SS would think up.

Advertisements

Actions

Information

7 responses

18 11 2007
nicholastay

good thing you were alert. i doubt many others would have noticed.

18 11 2007
§oL

OMG I got the mail too. And the same as you, I haven’t registered a credit card yet, so I thought it was an error and ignored it. Din’t even bother to click the link lol.

18 11 2007
shiro

Phishing at work…

19 11 2007
DigiGatou

But it makes you wonder, how exactly are they getting our e-mails?

21 11 2007
shiro

They employ bots and sniffers to capture our email addresses.

7 01 2008
nicholastay

by the way.. recieved an email in my junk folder with something similar. is this legit, or another phisher?

Warning Notification

Dear PayPal Member ,

It has come to our attention that your PayPal® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.

However, failure to update your records will result in account suspension. Please update your records before January 05, 2008.

Once you have updated your account records, your PayPal® account activity will not be interrupted and will continue as normal.

Click here to update your PayPal account information

Click the Link here to Update your profile.

Copyright © 1999-2008 PayPal. All rights reserved.
Information about FDIC pass-through insurance

8 01 2008
DigiGatou

Paypal e-mails don’t usually get junked, and from the line “Click the Link here to Update your profile” it’s probably a fake.

If you’re still not sure, go to the paypal page by typing the URL in manually, don’t click on the link provided.




%d bloggers like this: