Beware of phishing: a recent attempt to rip off my PayPal information

January 22, 2007 | By | 9 Replies More

I have a PayPal account, so when I received the following email yesterday, it concerned me enough that I decided to log on to PayPal to find out more about this unauthorized change to my account:

You’ve added an additional email address to your PayPal account.
If you don.t agree with this email tcgrady@cox.net and if you need assistance with your account,
please click here to login to your account.
 
To make sure you can use your PayPal account the next time you make a purchase,
all you need to do is confirm or not your email address.
If your email program has problems with hypertext links,
you may also confirm your email address by logging in to your account.
 Thank you for using PayPal!
The PayPal Team
—————————————————————-
Please do not reply to this email. This mailbox is not monitored and you will not receive a response.
For assistance, log in to your PayPal account and click the Help link located in the top right corner of any PayPal page.

This email is great bait.  After all, it causes urgency in that the recipient will want to find out who the hell is adding an “additional email address” to PayPal.  To find out, I first clicked on the link on the email to get to my PayPal account. I was taken to this fraudulent site.

[THIS ABOVE SITE IS FRAUDULENT–DON’T USE IT! Notice the difference between the fraudulent site’s URL and PayPal’s actual URL:  https://www.paypal.com/.     If the site doesn’t start off with “paypal” immediately following www, beware.]

The fraudulent PayPal site (which was an elaborate replica of the real PayPal site) immediately asked me to log in by keying in my credit card number, security code and other confidential information (no, I didn’t provide any of that information).  If you dig around enough on the fake site, though, you’ll see that many of the links are broken.

This criminal attempt was carefully concocted so that it looked an awful lot like the legitimate PayPal site.   It makes me wonder how many people responded to this manipulative email by handing private confidential information to the criminals. 

PayPal is quite familiar with this problem

What is Phishing?
Phishing is a form of fraud designed to steal your identity. It works by using false pretenses to get you to disclose sensitive personal information, such as credit and debit card numbers, account passwords, or Social Security numbers.
One of the most common phishing scams involves sending a fraudulent email that claims to be from a well-known company. Phishing can also be carried out in person, over the phone, through fraudulent pop-up windows, and websites.
DEFINITIONS
Phishing (pronounced “fishing”): Fraudulent emails that request or initiate a scam to get sensitive personal information.
Spoof Site: Fraudulent sites – usually linked from a phishing email – that look like well-known websites.

Share

Tags: , , , ,

Category: Technology

About the Author ()

Erich Vieth is an attorney focusing on consumer law litigation and appellate practice. He is also a working musician and a writer, having founded Dangerous Intersection in 2006. Erich lives in the Shaw Neighborhood of St. Louis, Missouri, where he lives half-time with his two extraordinary daughters.

Comments (9)

Trackback URL | Comments RSS Feed

  1. Ron says:

    I had this problem about a month or two ago, with a site that looked EXACTLY like PayPal's real site. They sent an email talking about military grade encryption, then started talking about my account being suspended for fraud??? The crazy change in subject matter caught my attention. When I followed the links to the site, I started putting in BS info, and it took it all (i.e. I 'logged in' with a nonsensical username, then completely made a mockery of the system asking for credit card info and such). Of course, I kept a screenshot of the site (because I was really impressed with it's quality, and informed PayPal. It only lasted about a week before it was gone.

    I feel bad for the saps that got that email, and actually logged in to the fraud site because the site wanted confirmation of every bit of info needed to really get control of your life (cc info, mother's maiden, SSN, etc.)

  2. Ron says:

    Oh, something else to add… One thing that struck me about the attempt at fraud on my end, was that the links on the pages all led to the real PayPal site (except of course, for the log in pages). It really just blew me away…

  3. Scholar says:

    The other day, my mom called me at work because she had won a free laptop while she was browsing Ebay. She needed help deciding which of the free laptops to choose from. I asked her if it was a scam, but she said no, the window came up while she was at Ebay, and looked real. I insisted it was probably a scam, and recommended that she investigate whether Ebay actually has an "hourly laptop giveaway". She had to act quickly though, because it was an hourly giveaway, and she didn't want to lose the free prize. I was excited too, and reluctantly told her to go ahead and choose the Toshiba, (she had a choice of 3 brands).

    Then they began collecting her credit card info, and private passwords, maiden name, social security number…at this point she began to suspect it was a well-designed hoax. Upon doing more research, nobody at Ebay knew anything about the "laptop giveaway".

    The scams are getting much more real-looking. At this point, I don't give out my info unless I am at a verified site, and certainly never reply to emails from unknown sources (like the Republic of Congo).

  4. Fred says:

    Forward these kinds of email to spoof@paypal.com

  5. Chris says:

    I got one like this, but there was something odd about the URL in the message: it appeared to be designed so it would *look* like you were clicking on a legitimate paypal URL while actually being directed to the scam site.

    Fortunately, whatever method they were trying to use to achieve this didn't work in Thunderbird; I suspect it was trying to use the unique "features" of some Microsoft mail reader.

    So I would add to the list of cautions, make sure you check the URL *in your browser* before entering sensitive info, regardless of what the link may have looked like in your email reader. That, and don't use the most popular programs; they are the most often targeted by viruses and scammers. (Frequency-dependent selection in parasite resistance…)

  6. Erika Price says:

    I recieved a similar scam, but from a phony version of my financial institution. However, upon opening the fake site (as well as this one), Mozilla came up with a "Web Forgery" bubble. I wouldn't consider this a watertight guard against scam sites, but I certainly found it comforting.

  7. grumpypilgrim says:

    Phishing is a pretty well-known problem. One way to avoid being scammed is to NEVER use the links that are provided via ANY email: always *manually* type the URL for sites such as PayPal; that way, you know you're going to the right place.

    Unfortunately for us all, creating a phony version of a legitimate website is incredibly easy, because all of the genuine graphics can easily be copied and re-used. What amazes me are that people are still trying these same old scams. I don't know to what extent they succeed, but I imagine some do.

  8. Dan Klarmann says:

    It's the end of the phishing links you need to spot. I've seen links like http://www.paypal.com.105.56.7.89.ru style links in such fakes (not the real numbers).

    Just seeing the correct site somewhere is not enough: It has to be at the right end.

    Using FireFox as your default browser is certainly an advantage, if you do start to fall for one.

  9. Wademorris says:

    I got a good one. It said you have ordered a notebook computer for $699 please verify if this is you….

    then it had the address of a phony person in Idaho. Of course it wasnt me. If you want to cancel this transaction click the link….

    What I always do is hover over the hyperlink. If it doesnt say Paypal, and it never does, its a scam. Though I always manually type in the link if I suspect it could be genuine.

Leave a Reply