WARNING: probable fraud aimed at PayPal users

[bhoggett]

Notice of possible fraudulent e-mail sent on behalf of PayPal's "PaySecurity".



This was originally posted in the forums, but it seems important enough to merit front page treatment.

Today I received an e-mail apparently from PayPal titled "Dear PayPal Customer" requesting confirmation of various details to comply with security changes they are making.

THIS IS ALMOST CERTAINLY A FRAUDULENT MAIL!

Reason 1: the form is sent directly to your mailbox, not accessed via a secure website at PayPal.

Reason 2: it requires you to enter your ATM PIN number. This should never be divulged to anyone, even the staff at your own bank or credit company. The usual way to verify your card is via a security code printed on the back of the card.

Reason 3: the notification expires today, 31st of May 2003. This is a blatant attempt to scare people into completing the form before they have time to think about it.

DON'T DO IT.

I am sending whatever details I have to PayPal administration, including the code to the mail in question.

[redrumloa]

I saw this email about a month ago and it certainly is fraud. It looks official, but with some easy investigation it certainly is fraud.

I can see alot of grandmas and everyday (non advanced) users getting shafted.

[cyka_delik]

hmm doesn't apply to me but this is alarming.

[Ilwrath]

Yep... There are also eBay e-mail notices that feature page code ripped right from eBay's login page (so it looks very real) but send any data you fill in to a form off to a non-eBay site that collects them.  (In the case of the one I saw, it was a SBC-webhosting site... how much you wanna bet it was paid for by stolen paypal accounts?)

In short, don't type in any information if you aren't sure you know where it's going.  ;-)

[amigamad]

Im glad i never use paypal i only bid on things on ebay if they take a personal cheque. :-o

[Acill]

Yup a total scam. I have received a few of them ebay ones myself. I looked at the HTMLcode and traced the source of the message. Its not real. I sent it to the FBI internet fraud site and they even sent me a thank you reply.

[KennyR]

A bit late to post this now, but I spotted that someone else noticed too.

Paypal scam in New Zealand.

[amigau]

I get one of these almost every time I sell something on eBay lately, because my eBay account is an email address (doh!).  I was sending them on to eBay support so they can track these shysters down, but I got tired of having to do it all the time (let eBay support do it, that's what they are paid for  so I just delete them now.

But note that eBay will NEVER ask for credit card information in an email, nor ask you to 'update' stuff like that in an unprotected email.  Nor should any other honest company, for that matter so ANYTIME you see something like that, tell your ISP, eBay or whomever might be able to do something about it. .

kevin orme
amiga university
www.amigau.com

[bhoggett]

@KennyR

A bit late to post this now, but I spotted that someone else noticed too.

Paypal scam in New Zealand.

Actually, that looks relatively harmless compared to this one:




(Image resized and cropped, so any inaccuracies are probably due to my processing  :-) )

Everything in the source looks genuine enough except the URL where your data is sent:

http://www.paypal.com@speedgo.port5.com/zzz.php

See? (Actually, you will only see this if you examine the source, as it doesn't show when placing the curson over any links or buttons)