Someone set up an e-Bay account using my ID and subsequently tried to access my Pay-Pal account. The spoof was a very clever note (purporting to be from Pay-Pal) claiming someone from e-Bay tried to access my Pay-Pal account illegally and asking me to click on a link to confirm my account numbers. etc.
I sent it to Pay-Pal who confirmed it is a spoof and are investigating it. Hope they nail the SOBs.
I know this is motherhood to most of you but don't ever type your passwords or account information into a site that you haven't accessed directly.
But the link does not take you to paypal.com! If you look at the link embedded or click on the link, it will take you somewhere else. It takes you to a page which asks for your user name and password.
They are trying to get your user name and password!
So *don't* click on links in emails then enter your user name and password for *anything*. The link you are actually going to may not be what is typed in the email.
"David Malone" wrote in message> Someone set up an e-Bay account using my ID and subsequently tried to> access my Pay-Pal account. The spoof was a very clever note> (purporting to be from Pay-Pal) claiming someone from e-Bay tried to> access my Pay-Pal account illegally and asking me to click on a link> to confirm my account numbers. etc.>
I sent it to Pay-Pal who confirmed it is a spoof and are investigating> it. Hope they nail the SOBs.>
I know this is motherhood to most of you but don't ever type your> passwords or account information into a site that you haven't accessed> directly.>
On Thu, 12 May 2005 07:14:12 -0700, "Billy Bob" <billybobnospam@yahoo.com> wrote:
But the link does not take you to paypal.com! If you look at the link>embedded or click on the link, it will take you somewhere else. It takes>you to a page which asks for your user name and password.
Exactly. But I imagine it's a pretty successful spoof because there are so many trusting souls out there who want to do the 'right thing' to, ironically, protect their accounts.
This scam has been around for so long I'm surprised it surprises anybody any more. I get probably a dozen or more of these a day purporting to be about my EBay account, bank accounts I don't have, credit card accounts, etc. They all say approximately the same thing: "(For some security reason) you need to confirm (i.e., re-enter) your account info or we'll have to close your account."
As you said, one should never use a link that's emailed to you - no legitimate company would do it that way, and it's a dead giveaway (at least to me). Another dead giveaway is that there's almost always some grammatical or spelling error somewhere in the email (often in the "boilerplate" business language). That means it's probably from a foreign source.
Pat Johnson Chicago
David Malone wrote:> Someone set up an e-Bay account using my ID and subsequently tried to> access my Pay-Pal account. The spoof was a very clever note> (purporting to be from Pay-Pal) claiming someone from e-Bay tried to> access my Pay-Pal account illegally and asking me to click on a link> to confirm my account numbers. etc.>
I sent it to Pay-Pal who confirmed it is a spoof and are investigating> it. Hope they nail the SOBs.>
I know this is motherhood to most of you but don't ever type your> passwords or account information into a site that you haven't accessed> directly.>
On Thu, 12 May 2005 14:29:44 GMT, Patrick Johnson <patrick.johnsonREMOVE@THIScomcast.net> wrote:
Another dead giveaway is that there's almost always some >grammatical or spelling error somewhere in the email (often in the >"boilerplate" business language). That means it's probably from a >foreign source.
I think they've discovered spell checkers since the early days - this one was impeccable.
On Thu, 12 May 2005 14:29:44 GMT, Patrick Johnson <patrick.johnsonREMOVE@THIScomcast.net> wrote:
As you said, one should never use a link that's emailed to you - no >legitimate company would do it that way....
Except that when you open a new account somewhere, most sites/companies email you an email containing a link to confirm your receipt of the email (and thus the validity of your email address).
Even there, though, there is generally an option to browse to a particular page on their site, and copy the confirming data into your browser, so you don't have to click on the emailed link if you're really paranoid about doing so.
Another dead giveaway is that there's almost always some>>grammatical or spelling error somewhere in the email (often in the>>"boilerplate" business language). That means it's probably from a>>foreign source.>
I think they've discovered spell checkers since the early days - this> one was impeccable.>
David "The Hamster" Malone
The last one that I got was perfect. It had a bunch of steps to confirm my account and some of the embedded links actually took you to the real paypal website. But if you complied with all of the steps in the email one of the steps looked like this:
The numbers for the URL are the giveaway. I never actually went to this site. But I have clicked on links to previous phishing scams just to see what the sites looked like. They look just like the paypal website. If you try and check the above spoof site you'll find that it has been de-activated. The spoof sites don't last very long.
If you get any suspicious emails for paypal, forward them to spoof@paypal.com.
Exactly. But I imagine it's a pretty successful spoof because there> are so many trusting souls out there who want to do the 'right thing'> to, ironically, protect their accounts.
Not trusting, naive. And inexperienced.
Been suckered once or twice myself, but never from an email.
