Aug 18

Written by:
2009/08/18 09:52 AM 

The first email, well one of many, I received requesting me to update my information, required me to go to a site and update my credit card details. You would think that people using PayPal, email, and the internet would be in the know about such scam. Not so.

I blogged about this first round of phishing scams. Read about it at Fraud, Phishing and Spam from Paypal.

But now there is another email scam. Slightly different than the first. This one deals with unauthorised credit card use. Sounds pretty scary right. I mean who wants their credit card to be used by fraudsters on the internet?You would want to do anything to stop it right?

Here is a snippet of what the email looked like.

We recently received a report of unauthorized credit card use associated with this account. As a precaution, we have limited access to your PayPal account in order to protect against future unauthorized transactions.

Case ID Number: PP-435-57-622

This is a reminder to restore your account as soon as possible.

Please download the form attached to this email and open it in a web browser. Once opened, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.

In accordance with PayPal's User Agreement, your account access will remain limited until the issue has been resolved.

Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to restore your PayPal account as soon as possible to help avoid this. We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

The email had an html file attached, which when browsed looks very authentic. Even the links on the site, open up pop-up windows and take you to the legitimate PayPal site for security and credit card help information. Looks all very legit. Problem is that the form post goes nowhere near PayPal, but to some obscure IT address, with a PHP file extension. Obviously used to collect your details. Have a look at what the page looks like.

Two things I noticed about this form that should set off the warning bells, emergency red lights, sirens, what ever gets your attention. This is besides the credit/debit card number and card expiration date.

• CSC – Which I assume is similar to the CVV number for the credit card
• ATM Pin – For the Debit card

It should be drummed into our heads. Never give away your pin, to anyone. You should be very wary about supplying your CVV number to suspect sites. Especially if you’re not making a valid purchase. If anyone is updating your account, there is no need for these two values. They are yours. Guard them with your life.

PayPal’s Views

To help you better identify fake emails, PayPal follow strict rules. They will never ask for the following personal information in email:

• Credit and debit card numbers
• Bank account numbers
• Driver's license numbers
• Email addresses
• Passwords
• Your full name

Read more about PayPal's Phishing Guide here

Related Reading:

Fraud, Phishing and Spam from PayPal.

 

 

New here, or perhaps you've been here a few times? Like this post? Why not subscribe to this blog and get the most up to date posts as soon as they are published.

blog comments powered by Disqus