OT: Is This A New Scam

AlanC wrote on 3/1/2006, 12:56 AM
I received this e-mail today:

Dear valued PayPal ® member:

Due to concerns, for the safety and integrity of the PayPal
account we have issued this warning message.

It has come to our attention that your PayPal ® account information needs to be
updated as part of our continuing commitment to protect your account and to
reduce the instance of fraud or on our website. If you could please take 5-10 minutes
out of your online experience and update your personal records you will not run into
any future problems with the online service.

Once you have updated your account records your PayPal account
service will not be interrupted and will continue as normal.

To update your PayPal® records click on the following link:
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

Thank You.

What makes me suspicious is the fact that I never opened a Paypal account.

Alan

Comments

briang wrote on 3/1/2006, 1:10 AM
Alan

I got a similar email yesterday, and I believe the the answer to your question is Yes. I have received these in the past and ignored them.

There is also a current warning about a PayPal email with a Trojan attachment, which has the following characteristics which appeared today, on www.itnews.com.au which is a major Australian Web Site dedicated to the IT Industry:

"The company has said:

UK-based BlackSpider Technologies said that it had already intercepted more than 3.2 million messages with an attached trojan, and claimed that it took 52 hours for the first anti-virus vendor to issue a signature that detected and deleted the malware.

Clagger.h, as Sophos dubbed it (Symantec named it "PWSteal.Tarno.s"), comes with the subject head of "Notification: Your Account Temporally Limited," and targets PayPal users. The associated e-mail claims that PayPal has detected unusual activity on the recipient's PayPal account. If the user opens the attached file, Clagger.h silently installs.

Not only does Clagger.h set a backdoor so the attacker can later add more malicious code to the PC, but it lurks in the background and nabs usernames and passwords from any window or webpage with text strings ranging from "cash" and "bank" to "log" and "id."

"This Trojan horse has been aggressively seeded, using spam technology, to distribute malicious code to as many vulnerable computers as possible, in the shortest amount of time," said Graham Cluley, a Sophos senior technology consultant, in a statement.

Astute users will be waved off by a gaffe in the spam's subject heading.

"A simple spelling mistake in the subject line should alert innocent recipients that this isn't a genuine message from PayPal," he added. In the message, the word "Temporarily" is misspelled as "Temporally," although it's conceivable that the hacker was trying to tell users that their PayPal password was limited by materialistic or ephemeral qualities. Or not.

"People should always think carefully before running unsolicited code on their computer," Cluley advised.

Hope this helps you and others.

BrianG

AlanC wrote on 3/1/2006, 1:32 AM
Thanks Brian, I thought as much.

B*S*A*DS!!!
Jay Gladwell wrote on 3/1/2006, 3:37 AM

ANY e-mail from PayPal that starts with "Dear valued PayPal ® member" is a scam.

PayPal e-mail salutations address the client by name and nothing else.


Chienworks wrote on 3/1/2006, 4:34 AM
This is a scam, but it is not new. I've been getting these for a couple of years now. Some are trojans, but most are attempts at identity theft. Certainly the link you click is not directed to "www.paypal.com". If you hover your cursor over the link you'll find it goes to something like "www.paypal.com-cgi-bin-webscr-cmd-login.50313.com". This is not paypal, but going there will bring up a screen that looks just like the paypal login screen. No matter what username and password you put in, it will accept it and then show a form for entering banking and credit information. Of course, if you think you are at PayPal's screen and fill it in then you will have given all that information to theives.

What i had been doing with these for a while was going to the form and filling it in with what seemed like valid information but was completely made up. The theory is that if these folks receive so much bogus information that it's not worth their time and effort to sort through for the few good ones, they'll stop trying. It doesn't seem to have worked so far though.
TomE wrote on 3/1/2006, 4:40 AM
You should forward it to spoof@paypal.com so they can deal with it.

They use the graphics from the actual paypal site but if you hunt around in the e-mail you will see an address to some element that is clearly phony.

Grazie wrote on 3/1/2006, 5:12 AM
Yup, me too! delete move on . . . -g
rs170a wrote on 3/1/2006, 6:09 AM
It's not only Pay Pal that these come from. I've gotten similar emails that claim to be from EBay, CitiBank, Amazon, and a bunch of others. As others have said, try to report it to the real site, delete it and move on.

Mike
Laurence wrote on 3/1/2006, 6:56 AM
I'm embarrassed to say this but several months ago I responded to just such an email, and "updated" my account so to speak. About a week later, early in the morning I tried to make an ATM withdrawl but couldn't because my daily limit had already been reached for that day. It turned out that from the day I did this on, at the break of each commercial day, the maximum of $300 per day had been withdrawn via foreign ATM from my account. Several thousand dollars was taken in all. My bank made up the money to me, but I'll never be that stupid again.
Former user wrote on 3/1/2006, 7:05 AM
Man that is good that the bank made it okay.

I get these all of the time too, just ignore them or report them.

Dave T2
Former user wrote on 3/1/2006, 7:43 AM
My ISP (cox.net) must have the best spam / phish filters available. I have the filters turned on at the mail server level and I never get any of this stuff anymore. If I do get an email from ebay, PayPal, etc. then it is probably a legitimate one (PayPal and ebay always states my full name in the message).

Check with your ISP and see if they offer server level message filtering. You can usually manage it via the ISP's web portal.

Jim
Coursedesign wrote on 3/1/2006, 8:04 AM
If I do get an email from ebay, PayPal, etc. then it is probably a legitimate one

If you never click on an e-mailed link, but instead go to your web browser and enter the address manually and log in that way, you won't fall prey to false web sites (as long as your web browser is up-to-date with patches, and Firefox is still more safe until IE7 works properly).

Btw, after Microsoft released the first public beta of the "new, secure IE7 browser," it took about 3 hours before the first security flaw was found....
riredale wrote on 3/1/2006, 8:16 AM
About 6 months ago I got an email from Bank Of The West, a smaller bank here on the West Coast of the U.S. The email said that there were scams out there, and please log in and verify that things were okay. They provided a URL, and when I clicked on it, a very official-looking page appeared, with logos and everything. Very first-rate.

Only problem was that I never had a Bank Of The West account.

I went back and examined the URL, and compared it to the regular URL one gets by going to the real website directly. I couldn't see any difference. How on earth could they redirect the official URL to their own fake site?

Here are the two addresses:

http://www.bankoffhewest.com/login
http://www.bankofthewest.com/login

Only by copying and pasting the text into a .txt document with a different font could I see what they had done. The top URL is "bank off he west." Pretty clever, eh?
Former user wrote on 3/1/2006, 8:36 AM
Sometimes on the fake pages they will use actual links to the real website so you can't even tell by clicking on the links.

Only go to the website through the official link in your browser favorites (or whatever). Do Not Click on links provided by the email.

Dave T2
rmack350 wrote on 3/1/2006, 8:40 AM
Of course this means that people with sloppy fingers are likely to get the bogus site by mistake. I wonder if google returns results at that address?

Rob Mack
Coursedesign wrote on 3/1/2006, 8:44 AM
It is important to stop these impostor domains as quickly as possible.

If the real domain has a spoof@...com e-mail address, send it to them.

Misspelled entries in search engines are a whole industry. Very big, and lots of tools available to use this for piggybacking onto somebody else's name.
johnmeyer wrote on 3/1/2006, 9:23 AM
These scams are all over the place. I get over a dozen a day.

Here's one way to tell if they are fake. Most of them use a image file to display text that looks real, or they give you a link to click on that looks real, but takes you somewhere else. If you "hover" your mouse over the place where they want to link (don't click, for heaven sake), you should see the actual URL (address) in the lower left corner of your browser or email program.

For instance, I just went to my trash and fished out one of these at random. The text says:

"We apologies for any inconvinience this may caused you and we strongly advise you to update your information you have on file with us. Clicking

However, when I hover over the https address, and look in the bottom left corner of Outlook Express, the actual address I'm going to go to if I click is:

http://theyz.net/www.paypal.com/cgi-bin/webscrcmd_login.php

Note that while the word "paypal" does appear, the main root of the URL is "theyz.net" which is obviously not the paypal site.

While some of the scams disguise their return address a little more cleverly, most do not. Also, note the several misspellings. The people that do these are morons and don't even use a spell checker. Paypal generally checks its spelling.
filmy wrote on 3/1/2006, 9:30 AM
Sounds a lot like This e-bay thread where we talked about emails "from" ebay and paypal talking about accounts being hijaked or having "routine" work done on them. in my case I did not even have an ebay account. Have not gotten any more of those emails but over that last week I have gotten about 6 emails for "Chase Manhattan Bank" along the same lines - log on to your account as it has been breached and so on. Same wording, different scam to get personal info.

EDIT - Spelling

Steve Mann wrote on 3/2/2006, 1:27 AM
"Man that is good that the bank made it okay. "

That's because the potentially bad publicity from NOT making it good would kill their business.
wolfbass wrote on 3/2/2006, 2:20 PM
Ha!

I got my Chase Manhattan and a Lloyd's of London ones today!

Add this to the Coca Cola sweepstakes I got yesterday, all I need is the IK Lottery winner to complete the set this week!

A
[r]Evolution wrote on 3/4/2006, 11:24 AM
1- You update your info
2- They log in and steal your money
Maverick wrote on 3/4/2006, 12:07 PM
I, too, get so many of these scam emails on a daily basis. It's almost laughable that they try to tell me my account has been compromised when I don't even have an account with the bank or whatever in question. Laughable if it wasn't for the fact that so many people get caught out.

I think most banks inform you that they will never email you in this way and they will certainly never send an attachment.

As stated before, always go to a secure website that hold such sensitive & financial data via typing the proper URL and NEVER via a link - even if the link is from the bank itself. You never know who has had access to your email before you receive it.
LyricsGirl wrote on 3/6/2006, 6:32 AM
These are definately scams.

Paypal will - in ALL emails / correspondence to members- address you by your First and Last name / Company name

This is a security device in place by Paypal.

refer: http:www.paypal.com/

I cannot cut and paste the address - you have to be logged in to access this - so I paste it here...


Protect Yourself from Fraudulent Emails

At PayPal, protecting your account's security is our top priority. Recently, PayPal members have reported suspicious-looking emails and fake websites. These emails are not from PayPal and responding to them may put your account at risk. Please protect your PayPal account by paying close attention to the emails you receive and the websites you visit.

Please use the following tips to stay safe with PayPal:

* Safe Log In: To log in to your PayPal account or access the PayPal website, open a new web browser (e.g., Internet Explorer or Netscape) and type in the following: https://www.paypal.com.au
* Greeting: Emails from PayPal will address you by your first and last name or the business name associated with your PayPal account. Fraudulent emails often include the salutation "Dear PayPal User" or "Dear PayPal Member".
* Email Attachments: PayPal emails will never ask you to download an attachment or a software program. Attachments contained in fraudulent emails often contain viruses that may harm your computer or compromise your PayPal account.
* Request for Personal Information: If we require information from you, we will notify you in an email and request that you enter the information only after you have safely and securely logged in to your PayPal account.

Often, fraudulent emails will request details such as your full name, account password, credit card number, bank account, PIN number, National Insurance Number, or mother's maiden name.

If you think that you have received a fraudulent email (or fake website), please forward the email (or URL address) to spoof@paypal.com.au and then delete the email from your mailbox. Never click any links or attachments in a suspicious email.

To learn more about protecting your PayPal account, please review our Security Tips.

Mass Pay | Referrals | About Us | Accounts | Fees | Privacy | Security Centre | Contact Us | User Agreement | Developers | Product Disclosure Statement

PayPal, an eBay company

LG