Another phishing spam email from PayPal
Aug18Written by:
2009/08/18 09:52 AM
Phishing emails, 419 scams, scams sites, the internet is rife. These people pray on the uninformed and uneducated, and internet illiterate. I have received emails before from PayPal, requesting me to go to a site to update my details. Which obviously I didn't. But I received another one, slightly different.
The first email, well one of many, I received requesting me to update my information, required me to go to a site and update my credit card details. You would think that people using PayPal, email, and the internet would be in the know about such scam. Not so.
I blogged about this first round of phishing scams. Read about it at Fraud, Phishing and Spam from Paypal.
But now there is another email scam. Slightly different than the first. This one deals with unauthorised credit card use. Sounds pretty scary right. I mean who wants their credit card to be used by fraudsters on the internet?You would want to do anything to stop it right?
Here is a snippet of what the email looked like.
We recently received a report of unauthorized credit card use associated with this account. As a precaution, we have limited access to your PayPal account in order to protect against future unauthorized transactions.
Case ID Number: PP-435-57-622
This is a reminder to restore your account as soon as possible.
Please download the form attached to this email and open it in a web browser. Once opened, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.
In accordance with PayPal's User Agreement, your account access will remain limited until the issue has been resolved.
Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to restore your PayPal account as soon as possible to help avoid this. We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
The email had an html file attached, which when browsed looks very authentic. Even the links on the site, open up pop-up windows and take you to the legitimate PayPal site for security and credit card help information. Looks all very legit. Problem is that the form post goes nowhere near PayPal, but to some obscure IT address, with a PHP file extension. Obviously used to collect your details. Have a look at what the page looks like.
Two things I noticed about this form that should set off the warning bells, emergency red lights, sirens, what ever gets your attention. This is besides the credit/debit card number and card expiration date.
- CSC – Which I assume is similar to the CVV number for the credit card
- ATM Pin – For the Debit card
It should be drummed into our heads. Never give away your pin, to anyone. You should be very wary about supplying your CVV number to suspect sites. Especially if you’re not making a valid purchase. If anyone is updating your account, there is no need for these two values. They are yours. Guard them with your life.
PayPal’s Views
To help you better identify fake emails, PayPal follow strict rules. They will never ask for the following personal information in email:
- Credit and debit card numbers
- Bank account numbers
- Driver's license numbers
- Email addresses
- Passwords
- Your full name
Read more about PayPal's Phishing Guide here
Related Reading:
Fraud, Phishing and Spam from PayPal.
New here, or perhaps you've been here a few times? Like this post? Why not subscribe to this blog and get the most up to date posts as soon as they are published.
blog comments powered by 2 comment(s) so far...
Re: Another phishing spam email from PayPal
I have a Paypal account for about 4 years now. Regular receive these type of emails. Best is to ignore and if in doubt log in to your account via your normal link. I know Paypal had a bit of bad reputation, but I cannot complain. Pity they do not provide full facilities in SA. At the end of the day there will always be a scam as long as people fall for it. By Rustig on
2009/08/18 10:19 AM
|
Re: Another phishing spam email from PayPal
I also have a PayPal account. Haven't used it. We cannot draw money out of PayPal here in South Africa. So unless I want to use PayPal as a money store to buy goods online, it seems pointless for me. By Robert Bravery on
2009/08/18 10:36 AM
|