PayPal Warning Alert

H

Heath

Active Member
Joined
May 31, 2005
Messages
8,069
Reaction score
1
Protect Yourself From Fraudulent Emails

What is Spoof?

A spoof or phishing (pronounced "fishing") email is an email that is designed to look like it comes from a well-known company and that tells some story to get you to click a link or button in the email.

The links or buttons in the email take you to a website that is also called a "spoof" because it, too, fakes the appearance of a popular website or company. The spoof site asks you to input personal information, such as your credit card number, Social Security number or account password.

You think you are giving information to a trusted company, when in fact, you are supplying it to a criminal.

Common deceptive tactics of spoof emails and websites.

The following pages will help you prevent falling for a spoof email and protect your account. The lessons learned here can be applied not only on PayPal, but wherever you do business online.

Think an email is a spoof? Forward it to spoof@paypal.com.

Remember: The "From" field of an email can easily be altered—it is not a reliable indicator of the true origin of the email.

More Here:
https://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/general/Spoof-outside
 
Spoof Happens


--------------------------------------------------------------------------



Even Savvy Shoppers can Fall Victim to Email Spoofs



Anna Rorick is a tech-savvy person. She does most of her buying online, so she stays on top of the latest news about email fraud. “I always have the spoof radar running,” says Anna. “I update my antivirus stuff, change passwords, and follow the news about scams.” So it was a shock when Anna realized she’d fallen for one. “It really can happen to anyone!” says Anna. “I was caught off guard.”

What Happened to Anna
Anna received an email that said it was from a retailer she’d shopped with for years. “Ordinarily, I would have been more careful, but I’d just spent hours dealing with that store the day before, so I fell for it.”

Just the previous day, Anna had purchased several items from different vendors through that retailer. Unfortunately, her purchases were charged to an expired card, and Anna had to work with each vendor individually to complete her orders. “With PayPal, I wouldn’t have had to keep track of the information shared with all those different merchants.”

The spoofer had perfect timing. The email said, “due to recent activity, we’re doing a safety check on your account,” and asked Anna to click a link and enter her username and password on a website. Given the previous day’s events, she did.

Anna Realizes Her Mistake
“Later it dawned on me,” Anna says. “That’s a classic spoof tactic.” She notified the retailer of the spoof and changed the password on her account. Fortunately, there hasn’t been any fraudulent activity. Anna’s relieved, but remains on alert. “Even someone who’s knowledgeable can be fooled.”

After her experience, Anna appreciates the fact that merchants never see her financial information when she pays with PayPal. “I now realize the value of this protection.” She also signed up for the free Equifax credit alert service, available to PayPal users, to notify her of any activity on her credit report. “It makes me feel a lot safer,” Anna says, “knowing I’ll hear about anyone trying to open new accounts in my name.”

Read the Q&A with Dave Steer of PayPal’s Consumer Safety team.



What Anna Learned: Tips to Avoid Being Spoofed

Be aware – spoofers often use fake email addresses that look like they’re from your bank, major retailers, and even PayPal to fool you into revealing your password and financial information.
Look out for any email that starts with something like “Dear PayPal user” or “valued customer,” instead of your name.
Be wary of emails asking you for personal information such as:
Credit and debit card numbers
Bank account numbers
Driver’s license numbers
Email addresses
Passwords
Your full name
Never give out your username or password on a site you’ve clicked through to from an email – especially if the email uses a false sense of urgency about your account being closed or your credit cards expiring.
Instead, if you doubt the authenticity of an email from a trusted vendor, simply open a new web browser, type in the URL by hand, and perform the requested activity.
Look closely at any email about updating your account, password, or credit card numbers. Spoofers use tricks like these to get you to respond. See an example of a spoof email.
Visit the PayPal Anti-Spoof page for more information.
Spoof Happens


--------------------------------------------------------------------------



Even Savvy Shoppers can Fall Victim to Email Spoofs



Anna Rorick is a tech-savvy person. She does most of her buying online, so she stays on top of the latest news about email fraud. “I always have the spoof radar running,” says Anna. “I update my antivirus stuff, change passwords, and follow the news about scams.” So it was a shock when Anna realized she’d fallen for one. “It really can happen to anyone!” says Anna. “I was caught off guard.”

What Happened to Anna
Anna received an email that said it was from a retailer she’d shopped with for years. “Ordinarily, I would have been more careful, but I’d just spent hours dealing with that store the day before, so I fell for it.”

Just the previous day, Anna had purchased several items from different vendors through that retailer. Unfortunately, her purchases were charged to an expired card, and Anna had to work with each vendor individually to complete her orders. “With PayPal, I wouldn’t have had to keep track of the information shared with all those different merchants.”

The spoofer had perfect timing. The email said, “due to recent activity, we’re doing a safety check on your account,” and asked Anna to click a link and enter her username and password on a website. Given the previous day’s events, she did.

Anna Realizes Her Mistake
“Later it dawned on me,” Anna says. “That’s a classic spoof tactic.” She notified the retailer of the spoof and changed the password on her account. Fortunately, there hasn’t been any fraudulent activity. Anna’s relieved, but remains on alert. “Even someone who’s knowledgeable can be fooled.”

After her experience, Anna appreciates the fact that merchants never see her financial information when she pays with PayPal. “I now realize the value of this protection.” She also signed up for the free Equifax credit alert service, available to PayPal users, to notify her of any activity on her credit report. “It makes me feel a lot safer,” Anna says, “knowing I’ll hear about anyone trying to open new accounts in my name.”

Read the Q&A with Dave Steer of PayPal’s Consumer Safety team.



What Anna Learned: Tips to Avoid Being Spoofed

Be aware – spoofers often use fake email addresses that look like they’re from your bank, major retailers, and even PayPal to fool you into revealing your password and financial information.
Look out for any email that starts with something like “Dear PayPal user” or “valued customer,” instead of your name.
Be wary of emails asking you for personal information such as:
Credit and debit card numbers
Bank account numbers
Driver’s license numbers
Email addresses
Passwords
Your full name
Never give out your username or password on a site you’ve clicked through to from an email – especially if the email uses a false sense of urgency about your account being closed or your credit cards expiring.
Instead, if you doubt the authenticity of an email from a trusted vendor, simply open a new web browser, type in the URL by hand, and perform the requested activity.
Look closely at any email about updating your account, password, or credit card numbers. Spoofers use tricks like these to get you to respond. See an example of a spoof email.
Visit the PayPal Anti-Spoof page for more information.


https://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/general/SpoofHappen-outside
 
Yea, I get the false PP information, simply watch out for false link, when you use mouse over the link and look at the bottom of browser, if you see different link it's a FALSE link (Spoofed) and send report to PP security, they'll investige and trace thier IP addys. Becareful don't click the false links.
 
you're paronid...

simple thing.. Pay Pal has security... as long you have to make sure not you're fraud???

That reason Pay pal has to keep checking on them everyone to make sure..

I have email got those.. and just advise them.

I bet you jumpy!
lol
 
This is very old... VERY OLD. I get emails from banks, eBay, PayPal, and many other websites asking me to confirm my account information.

One thing I keep in mind is that they will never email me asking for my information like that. Another thing, it's always obvious for me because I use multiple email accounts for different websites. I'll get email from eBay to one account, but I don't use that account for eBay. I'll get email from PayPal to one account, but I don't use that account for PayPal. I'll get email from a few different banks, but I don't even have an account with those banks... so I ignore all of them.

Sometimes, I'll actually reply using a bogus account name and a password that says... "fuckyou" or "blowme" just to piss them off. ;)
 
Old Story

Betcha he got nothing better to do... he seems to be yelling like a wolf at every turn on every issue... *sigh* :dunno:
 
Deaf Images said:
Betcha he got nothing better to do... he seems to be yelling like a wolf at every turn on every issue... *sigh* :dunno:
Click to expand...

You have a very urge need to be negative at every turn.

I am simply providing information to help protect ourselves from scammers, rip off artists etc.
 
Nothing new to me. I've been a member of Paypal since 2001. I know about that. One time someone stole $90 from my Paypal account. I called them to request for a claim. They never sent me the forms to claim it. It was before Paypal was aquired by E-bay.
 
It's not a problem for me,Pay Pal has security and it shouldn't be a problem for anyone.
 
all you have to do is... click the link to make sure the URL address is real. If not.. ignore it.
 
How do I spot a phish? Here's what I do:

In Microsoft Outlook, I went into Junk Mail, open a spoof e-mail with links and all other functionality turned off, view the message options dialog, and look into a header. Here's my example:

Code: 
X-Message-Status: n:0
X-SID-PRA: service@pay-pal.com
X-SID-Result: TempError
X-Message-Info: txF49lGdW41RNVHoAmP0hgRjnfgZFg6EAQlV7NRG8PU=
Received: from lgc.hu ([62.112.193.190]) by bay0-mc9-f16.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Sun, 28 May 2006 20:38:02 -0700
Received: by lgc.hu (Postfix, from userid 33)
	id F064C147ACB; Mon, 29 May 2006 05:37:15 +0200 (CEST)
To: ------------
Subject: update your account
From: <service@pay-pal.com>
Reply-To: 
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Return-Path: www-data@lgc.hu
Message-ID: <BAY0-MC9-F16TZgX1wg004e1036@bay0-mc9-f16.bay0.hotmail.com>
X-OriginalArrivalTime: 29 May 2006 03:38:02.0572 (UTC) FILETIME=[49DE50C0:01C682D1]
Date: 28 May 2006 20:38:02 -0700

I know there's no such thing as pay-pal.com which are very obvious (can't you say social engineering? :) ), but I only focus in the first return field. Do you notice why it didn't say "paypal.com" in my header? It's because somebody have tried to get me to think that the e-mail came from PayPal, but no matter how hard they try, I can never be fooled and my chance of being fooled are almost at 0%--maybe 0.1% as I can't be so sure about that...

Then, once I spot spoofed e-mail, I forward the e-mail to pirt (AT) castlecops (DOT) com.

Of course, doing a WHOIS lookup in the IP address to spot spoof as provided by a return field) can help me make sure it's spoof, but whatever's in the return field that doesn't came from PayPal or the bank are more than enough for me to spot spoof.
 
GraysonPeddie said:
How do I spot a phish? Here's what I do:

In Microsoft Outlook, I went into Junk Mail, open a spoof e-mail with links and all other functionality turned off, view the message options dialog, and look into a header. Here's my example:

Code: 
X-Message-Status: n:0
X-SID-PRA: service@pay-pal.com
X-SID-Result: TempError
X-Message-Info: txF49lGdW41RNVHoAmP0hgRjnfgZFg6EAQlV7NRG8PU=
Received: from lgc.hu ([62.112.193.190]) by bay0-mc9-f16.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Sun, 28 May 2006 20:38:02 -0700
Received: by lgc.hu (Postfix, from userid 33)
	id F064C147ACB; Mon, 29 May 2006 05:37:15 +0200 (CEST)
To: ------------
Subject: update your account
From: <service@pay-pal.com>
Reply-To: 
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Return-Path: www-data@lgc.hu
Message-ID: <BAY0-MC9-F16TZgX1wg004e1036@bay0-mc9-f16.bay0.hotmail.com>
X-OriginalArrivalTime: 29 May 2006 03:38:02.0572 (UTC) FILETIME=[49DE50C0:01C682D1]
Date: 28 May 2006 20:38:02 -0700

I know there's no such thing as pay-pal.com which are very obvious (can't you say social engineering? :) ), but I only focus in the first return field. Do you notice why it didn't say "paypal.com" in my header? It's because somebody have tried to get me to think that the e-mail came from PayPal, but no matter how hard they try, I can never be fooled and my chance of being fooled are almost at 0%--maybe 0.1% as I can't be so sure about that...

Then, once I spot spoofed e-mail, I forward the e-mail to pirt (AT) castlecops (DOT) com.

Of course, doing a WHOIS lookup in the IP address to spot spoof as provided by a return field) can help me make sure it's spoof, but whatever's in the return field that doesn't came from PayPal or the bank are more than enough for me to spot spoof.
Click to expand...

Yep, I do same to look at it, I am on a linux box to search up whois and copy the whois information into fowarded message to send off to spoof (at) paypal (dot) com. they can catch a fraudant into jail box..
 
EDGE said:
all you have to do is... click the link to make sure the URL address is real. If not.. ignore it.
Click to expand...


No, don't click on the link.

If it's from ebay, then type in "www.ebay.com" yourself and if it is real, you will have a copy in your "my messages." Same with paypal. If you get an email from paypal, go type in www.paypal.com and see if the same thing is there under your paypal account. DON'T click on links.
 
Bank of America have thier own mailing system put in place so I'll 100% know it's from Bank of America.
 
Back
Top