OT: "Spoof" eBay and Paypal emails

[fini]

Last night I received an email, supposedly from Paypal. Here's a screen shot of the message:

Now, I did not reply to this email, but forwarded it to spoof@paypal.com, where Paypal suggests you forward suspicious emails and websites. The whole message, as you see it in the photo, was an attachment, not just the URL. I don't know where it may have taken me (if anywhere) if I'd have clicked on it, but I'm posting this here for my friends, to be very suspicious of this kind of thing. DO NOT give out your information unless you are absolutely sure the website/email is 100% legitimate.

fini

[tankhokie]

wow,

if i hadn't read that most services will never ask you for credit card info via email, i would have probably checked that out.

thanks for the warning. it is amazing how official that looks...even the link with the www.paypal.....

thanks for the reminder, it is easy to become complacent with using the net more and more...all the while crooks are becoming more and more saavy.

i echo fini:

----------------

DO NOT

give out your information unless you are absolutely sure the website/email is 100% legitimate.

----------------

[fini]

PayPal sent me this, this morning:

Thank you for contacting PayPal.

Thank you for bringing this suspicious email to our attention. We can

confirm that the email you received; was not sent to you by PayPal. The

website linked to this email is not a registered URL authorized or used by

PayPal. We are currently investigating this incident fully. Please do not

enter any personal or financial information into this website.

If you have surrendered any personal or financial information to this

fraudulent website, you should immediately log into your PayPal Account and

change your password and secret question and answer information. Any

compromised financial information should be reported to the appropriate

parties.

If you notice any unauthorized activity associated with your PayPal

transaction history, please immediately report this to PayPal by following

the instructions below:

1. Go to

https://www.paypal.com/

2. Click on the Security Center at the bottom of the page

3. Click on "Report a Problem"

4. Select the Topic: Report Fraud

5: Select the Subtopic: Unauthorized use of my PayPal Account, and click

Continue.

6. Follow the instructions to access the appropriate form

If you have any further questions, please feel free to contact us again.

Sincerely,

PayPal Account Review Department

PayPal, an eBay Company

fini

[dougdrake]

Come on, Fini, dig, man, dig! Look at the HTML behind the message they sent and see what URL is behind the link! Inquiring minds want to know where it would have taken you!

Hey, what'd you think of Ring of Fire?

DD

[Deang]

http://www.paypalsucks.com/

[BEC]

I get several of those a day. I guess it is related to my doing a lot of business on eBay. Some are very poor spoofs with a lot of inappropriate wording and spelling but some look pretty good. Most of time the link given is already inaccessable by the time I get them. I expect that the thief only leaves it active for a short time to cut down on the chance of getting traced. When they are active, the web hosting is usually Russian. The latest and perhaps the best of these that I have seen is one that looks just like the ones you get from Paypal when someone sends you cash. Starts out "You've Got Cash", Click the link below to log in to your Paypal account." Doing that would be a very bad move. Always go directly to Paypal or eBay to log in to your account. I can't see why these attempts at stealing your eBay account or Paypal account or your identity are not really considered criminal. I think just the "attempt" should be a crime.

[kenratboy]

You can easily change the NAME that appears on the link. If you put your mouse over the link, the text box in the bottom left corner of IE will show the link.

I am lucky and have never been 'had' online, due to knowing all the little nasty things they try to do.

Remember: MICROSOFT DOES NOT SEND YOU UPDATES VIA E-MAIL, NEVER OPEN A FILE FOR A WINDOW'S UPDATE, IT'S A VIRUS!

[dodger]

Hello:

Many excellent warnings are contained here.

I started a thread regarding a telephone call from "Fleet Bank's Credit Card Fraud Unit."

Win dodger

[skonopa]

Another hing thing to look for:

Look at that URL that is given in that e-mail:

http://www.paypal.com/(the rest of it)

Notice that is it not "https". Paypal does everything through secured HTTP (the 's' after "http"). If that was a form that you are supposed to submit credit-card information, shouldn't that be through a secured server?

You certainly did the right thing by reporting that to PayPal. It seems they are really taking this stuff seriously.

I've gotten one of these at work once. I immediatly knew that was bogus, because I have never, ever used my work e-mail with PayPal. I would expect to get anything sent by PayPal to the e-mail address that I did use to register with them.

On that note, I did get a legitimate e-mail from PayPal telling me that the credit card I did have in my account expired. All they did was tell me to log into my account and fix it before I attempt to use it to send any money. They did not send me some stupid URL with a form I was supposed to fill out. The key was that they specifically told me to log into my account and fix it. I am not going to bother until I actually need it.

[Klipschfoot]

I get emails from Paypal that go like this:

Dear Loyal Paypal Customer;

Congratulations! Your item sold for $49.87. Your selling fee is $39.72. Don't do anything. We will automatically deduct if from your credit card.

Thanks a Million (literally),

Paypal Customer Service.

Okay, an exaggeration. But you get my drift.

[tankhokie]

klipschfoot,

are the selling fees that bad? i never did the research into how to sell anything on ebay...are they a fixed rate or %?

all, thanks for the good tips here, i am not too saavy on url links and the like.

[fini]

Naw, he's pullin' your missile launcher. PayPal takes about 3% plus $.30 per transaction. eBay takes a listing fee (based on many things, typically $.30 up to $3, but can go higher), and a final value fee, based on, uh, the final selling amount.

fini

[Rockets]

Just read this about a PayPal VIRUS

http://story.news.yahoo.com/news?tmpl=story&cid=1093&ncid=1093&e=7&u=/pcworld/20031117/tc_pcworld/113478

[Daddy Dee]

"always go directly to the paypal site to log in"

this is good advice and a good way to avoid a stealth link.

scary stuff