PayPal Fraud Alert

[Stan Schober]

While checking my morning mail, I came across this:



Highly suspect, as it was an account not attached in any way to my PP account, AND it doesn't contain my actual name .
So, I hit the "reply" button and we see that it ACTUALLY came from:


A Russian scammer...

BTW, if you click the link on that original mail, it takes you here:



Thousands of people a year fall for this scam, because it (like so many others) LOOKS official.
Take the time to check, and save yourself some big headaches.

Oh, and forward those original e-mails to:
spoof@paypal.com

More info here:

https://www.paypal.com/cgi-bin/webscr?c ... n4-outside

[Richard Sinkler]

I have seen similar ones like this. I always check with Paypal (using the spoof email address you showed). Every time it has been a scam. I believe Paypal told me they never ask for this type of info in an email and to look carefully at the email address where it originated. And NEVER click on any reply buttons or links.

I also had something like this from AT&T. Again, by contacting them, I was able to find out it is a scam. They told me this type of scam happens a lot, and the best thing to do is to CALL or email (to an address off their website that you know is real) and never respond to the email unless you find out that it is real.

They should not be asking for stuff like SS Number, full credit card numbers (usually they will only show the last 4 digits and ask you to confirm it), Mother's maiden name. etc if you have an account already established with them.

[Wiz Feinberg]

For members not yet aware of the purpose of these scams, they are called Phishing Scams. The purpose is identity theft and full access to the victim's phished accounts.

[George Redmon]

I'm sure everyone already knows. But NEVER log into paypal from a mail link, never. Always from their website only. After reading about this, i logged into paypal from their website. And it's been so long since i used my account, it actually was on limited status. Had to reset passwords, and contact customer support by phone. I tried to send money to a family member, paypal wouldn't let me untill i took security measures. So you gotta be careful.

[Glenn Uhler]

Gang,
Actually, I always laugh when I get one of these emails, because I don't have a PayPal account. I had one when they first started, and they gave you $5 to open your account. After about 90 days, I didn't use my $5, so they took it back. That's when I closed my PayPal account.

PayPal would like to be a bank; would like you to treat them like a bank; and would like everyone to think that they are a bank. That will never happen, because if they became a bank, they would have to tell Federal and State bank regulators about how much of other peoples money they are holding, how much money they are making in interest off that money, and why they aren't paying any interest to PayPal accounts.

Think about how much of your money PayPal is holding, and not paying you interest on. Now, think about how many thousands of PayPal accounts there are. Multiply these two numbers together and see how much money PayPal is holding on to. Get the idea?

[Bent Romnes]

Glenn, That's why we should just keep a very small amount of cash in the account. When I receive money, I usually transfer it to the savings account at my bank. When I pay for something thru paypal I do it either through my Visa or my bank savings account.

[Graeme Jaye]

I'm with Bent, register a credit card with PayPal and use that to make any payments. Don't keep any money in your PayPal account. This is a bit like paying off a credit card every month - makes things a lot cheaper.

A side advantage is that you don't have to give your credit card details to everyone you buy from. That, alone, decreases the risk of a fraud being perpetrated towards you.

As for the original post, I get phishing mails like this from all sorts of people, not just PayPal. Usually it's banks with whom I have never even had an account!! The advice already given is sound - only log into your account via the official URL and never click an email link (a real problem might be notified to you by email, but they would never ask you click on a link to provide information they might need).

[Bob Martin]

There is one thing that Paypal is doing right now that is legit and that is after you sign to their secure site (https) they ask you to sign (check a box) a new electronics delivery agreement.

This agreement allows paypal to send you email concerning your account and a few other rights. It is legit and if you do not agree to it by the end of the year you will no longer be able to use paypal's services.

Just remember this agreement only comes up after you have legitimately signed up through typing in their regular address.

One last note please never enter your paypal info in to an email from paypal even if it has your nam,e in the heading. This agreement I am speaking of only comes up after you have logged in to paypal in the normal fashion.

Be safe of be sorry!!!!

Bob

[Wiz Feinberg]

There is one thing that Paypal is doing right now that is legit and that is after you sign to their secure site (https) they ask you to sign (check a box) a new electronics delivery agreement.

This agreement allows paypal to send you email concerning your account and a few other rights. It is legit and if you do not agree to it by the end of the year you will no longer be able to use paypal's services.

...

Bob

Yep, I got that today and accepted it.

As a trained spam fighter I know how to display and decipher the hidden headers that exist in every email message. PayPal members usually have plenty of previously received legitimate messages from PayPal saved in the email clients inboxes or custom folders. One can open a know good PayPal email and copy the headers into Notepad, and save it for reference. If a suspicious email arrives, claiming to be sent from PayPal, open it's source code and compare it to the saved references. There are some lines that will always contain paypal.com and others that are merely forged. There are IP addresses in the Received From lines that can be looked up in a Whois search. If the IP belongs to PayPal, that will be shown in the Whois results. But, if the email was sent from a botted cable, or dsl customer's PC, or a mysterious mail server abroad, that will also be revealed.

If any is interested in learning about reading and understanding the meaning of email headers, contact me for personal consulting.

Otherwise, if you suspect or don't know if an email claiming to come from PayPal (or any other sire) is legitimate, ignore it. Open your browser and type in the URL to PayPal (https) and look for messages from them. This defeats most phishing scams.