Paypal scam - need advice

[Chris Fitzgerald]

I opened my university email account today for the first time in a while, and one of the emails read thusly:

You have added conterman@aol.com as a new email address for your PayPal account.

If you did not authorize this change or if you need assistance with your account, please contact PayPal customer service at:

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

Thank you for using PayPal!
The PayPal Team

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the header of any page.

--------------------------------------

PROTECT YOUR PASSWORD NEVER give your password to anyone and ONLY log in at https://www.paypal.com/. Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time you log in to your account.

It sounds like the email itself is either a scam, or someone is trying to scam on my account. It's been so long since I used paypal, I don't even remember my password. What should I do to check in on this? The whole identity theft thing is just so damned creepy.

[hdiddy]

DURRRL, are you sure that wasn't phishing attack? Phishing attacks will send you e-mails as if they're from a reputable source that includes links in the e-mails that you're supposed to click on and fall for. If you click on the link, it'll take you to a page that is identical to Paypal's site. The idea is to freak you out so that you'll use the provided links to find out whats going wrong. But victims will inadvertently sign into a bait-and-switched website and give their username/password up to the attacker.

Whatever you do, don't use the links provided in that email. To find out if it's a phising attack, you can try viewing the e-mail in it's original text only form. You'll see the text and everything in the e-mail as plain text, not HTML. The baited-links in the email should have actual href="http://...." values that point to somewhere other than paypal.

Best way to make sure your account is ok, is to go to paypal directly using your browser and check all of your account info. I've recieved phishing attacks like this myself and poked around with them. As long as you don't log in into the false website, you'll be fine.

[VTDB]

There is a "Forgot Your Password?" link in the login page. I would follow those instructions so that you can at least get into your account and then if this was a legit email and someone is actually trying to scam you you should be able to take care of it. Also, I found this on the website:

At PayPal, protecting your account's security is our top priority. Recently, PayPal members have reported suspicious-looking emails and fake websites. These emails are not from PayPal and responding to them may put your account at risk. Please protect your PayPal account by paying close attention to the emails you receive and the websites you visit.

Please use the following tips to stay safe with PayPal:

* Safe Log In: To log in to your PayPal account or access the PayPal website, open a new web browser (e.g., Internet Explorer or Netscape) and type in the following: https://www.paypal.com
* Greeting: Emails from PayPal will address you by your first and last name or the business name associated with your PayPal account. Fraudulent emails often include the salutation "Dear PayPal User" or "Dear PayPal Member".
* Email Attachments: PayPal emails will never ask you to download an attachment or a software program. Attachments contained in fraudulent emails often contain viruses that may harm your computer or compromise your PayPal account.
* Request for Personal Information: If we require information from you, we will notify you in an email and request that you enter the information only after you have safely and securely logged in to your PayPal account.

Often, fraudulent emails will request details such as your full name, account password, credit card number, bank account, PIN number, Social Security Number, or mother's maiden name.

If you think that you have received a fraudulent email (or fake website), please forward the email (or URL address) to spoof@paypal.com and then delete the email from your mailbox. Never click any links or attachments in a suspicious email.

[Jeremy Allen]

I suspect that's a scam of some kind, Chris. I just added my university email address to my PayPal account to see what happens when one does that, and as you might expect the confirmation message/directions for completing the process are sent to the new email address, not to your original address. However, your original address does receive this email:

Dear Jeremy Allen,


You have added jlallen@indiana.edu as a new email address for your PayPal account.

If you did not authorize this change or if you need assistance with your account,
please contact PayPal customer service at:

https://www.paypal.com/us/wf/f=ap_email

Thank you for using PayPal!
The PayPal Team


Please do not reply to this email. This mailbox is not monitored and you will not
receive a response. For assistance, log in to your PayPal account and click the
Help link located in the top right corner of any PayPal page.

----------------------------------------------------------------
PROTECT YOUR PASSWORD

NEVER give your password to anyone, including PayPal employees. Protect yourself
against fraudulent websites by opening a new web browser (e.g. Internet Explorer
or Netscape) and typing in the PayPal URL every time you log in to your account.


----------------------------------------------------------------



PayPal Email ID PP007

You can see that there are subtle but important differences in the email I received and the one you got. I think it is a good idea to log into your account and see which addresses are under your name: my account-->profile-->email. That will show you which email addresses are on your account, which are confirmed, and which one is the primary one. It seems like a pretty boneheaded scam...

[rachelcalin]

If you havent already deleted it, all you need to do is forward the email, in its entirety, to: spoof@paypal.com to report these types of spam/phishing emails. If youve deleted it, no need to worry..... youll get more eventually

[Chris Fitzgerald]

Quote:

Originally Posted by hdiddy

DURRRL, are you sure that wasn't phishing attack? Phishing attacks will send you e-mails as if they're from a reputable source that includes links in the e-mails that you're supposed to click on and fall for. If you click on the link, it'll take you to a page that is identical to Paypal's site. The idea is to freak you out so that you'll use the provided links to find out whats going wrong. But victims will inadvertently sign into a bait-and-switched website and give their username/password up to the attacker.

That sounds about right.

Quote:

Whatever you do, don't use the links provided in that email. To find out if it's a phising attack, you can try viewing the e-mail in it's original text only form. You'll see the text and everything in the e-mail as plain text, not HTML. The baited-links in the email should have actual href="http://...." values that point to somewhere other than paypal.

How do I do this from groupwise? I don't know how to view in text only. If it was on TB, yes, but...

Quote:

Best way to make sure your account is ok, is to go to paypal directly using your browser and check all of your account info. I've recieved phishing attacks like this myself and poked around with them. As long as you don't log in into the false website, you'll be fine.

I did go to paypal and try to log in. I had to reset my password, and when logged in, I found that my recieving limit was low, and my sending limit was "0". It also reported no action in the last 7 days. What I'd like to do is close the damn thing entirely and be done with it. How do I do that?

Thanks for all of the helpful responses, folks. I don't trust internet transactions....I'm old school, I guess. The only places I order online with are Bob G., Lemur, and 8th street. My brother had his identity stolen, and it was a nightmare.

People can be real ****heads, can't they?

[PaulCannon]

I received a very similar email a number of months ago. Funny thing is that I don't have a paypal account. Also got one from Chase bank accounts, which I also don't subscribe to.

It's the same scam.

[STRONGBOW]

I just received something wierd yesterday that was ostensibly from PAYPAL, only mine stated that someone had hijacked my account and had posted charges on 12 March. Although I had set up an account in 2005 I have never used it, as I felt it was not secure. This email had a link to open to "correct" the problem and regain my account. I called my credit card company and verified that there were no unauthorized charges on my cc...sounded like a scam to me....

[STRONGBOW]

I just received something wierd yesterday that was ostensibly from PAYPAL, only mine stated that someone had hijacked my account and had posted charges on 12 March. Although I had set up an account in 2005 I have never used it, as I felt it was not secure. This email had a link to open to "correct" the problem and regain my account. I called my credit card company and verified that there were no unauthorized charges on my cc...sounded like a scam to me....

[christ andronis]

Quote:

Originally Posted by rachelcalin

If you havent already deleted it, all you need to do is forward the email, in its entirety, to: spoof@paypal.com to report these types of spam/phishing emails. If youve deleted it, no need to worry..... youll get more eventually

+1

I just did this and I do it all the time with e-bay. Just forward the e-mail to the spoof@paypal.com address and they'll e-mail you back saying whether it's legit or not. Mine was not legit. The only way to stop these jerks is to report them every time. Paypal surely will respond cause it affects their business. Sometimes the bottom line is a good thing. Good luck.

[Jeremy Allen]

Ha! And by simply making the test changes to my account yesterday, I have apparently opened myself up for more badly-spelled, highly-suspicious scam emails from PayPal phishers. Just more stuff to forward to spoof@paypal.com I guess.

BTW, I myself have never been burned by any of these scam emails, and I have to say I've had a pretty good experience using a PayPal business account. As such a widely-used service, they're a natural target, but they've kept my bank account information safe and my transactions painless for a couple of years now.

[hdiddy]

Yup, those are all phishing attacks. There's nothing wrong with paypal or whatever else. They're just bait for the hacker. I've seen stuff for citibank personally, and I don't even have a citibank account myself. You should report all of them to someone else who can respond to it.

http://en.wikipedia.org/wiki/Phishing

I love wikipedia!!!

Quote:

Originally Posted by DURRL

How do I do this from groupwise? I don't know how to view in text only. If it was on TB, yes, but...

Mm... I don't know groupwise. On GMail, you pick the "show original" option and you'll see everything, where it came from, who it was intended for. And then you'll see the HTML. Sometimes, you can just try doing a rollover on a link so a tooltip or the status bar can show up for it and you might see a different address than what it says.

[Shelly Renzelman]

Quote:

How do I do this from groupwise? I don't know how to view in text only. If it was on TB, yes, but...

Are you using a harddrive installed version of Groupwise or the web version? To change your view in the installed version of Groupwise, you simply open your message, then click on the view menu and choose "Plain Text" instead of "HTML". If you are using the web version, you do not have the option of viewing text vs. html. You can however choose "Source" from the View menu of IE, and this will reveal all of the HTML code for the message that you could wade through if you wanted.

Hope that helps.

Shelly

[Chris Fitzgerald]

Just recieved confirmation that it was a spoof emay from Paypal. I think I'll just close that account right away unless anyone thinks there's a reason i shouldn't.

[christ andronis]

Quote:

Originally Posted by Chris Fitzgerald

Just recieved confirmation that it was a spoof emay from Paypal. I think I'll just close that account right away unless anyone thinks there's a reason i shouldn't.

Close it and open another one. I like PayPal alot. Never had a problem with them. I can understand your paranoia about your account though; if someone has that info, it might be trouble down the road.

[mje]

Quote:

Originally Posted by christ andronis

Close it and open another one. I like PayPal alot. Never had a problem with them. I can understand your paranoia about your account though; if someone has that info, it might be trouble down the road.

No need- they don't have your account data- unless you actually responded. These phishing attacks are sent out by the tens of millions, in the hope that some small percentage will hit gullible PayPal account owners.

Quick tip: Whenever you get a questionable email with a clickable lionk, roll your mouse over the link BUT DON'T CLICK IT. At the lower left edge of most browsers you'll see the actual link address displayed.

Even though the text on the email says paypal.com, the REAL link may be something like paypal.com.fraudsite.net, or some other long tangled fake address.

(Dealing with this sort of security issue is a good chunk of my current job)

[jb6884]

Good advice by mje.. I get tons of phishing emails like this all the time.. I basically ignore everything I get in email like this.. if there's any question open a new browser, go to the site and log in normally (ie. don't use the link from the email to get there... even if it looks correct). Or, simply call the company and ask.

[anonymous0726]

I got an interesting twist on an old scam today.

I put up at Craig's List a room that I have for rent. Got an email message from a 'native New Yorker', a model, who is West Africa on an assignment. 'She' wanted to rent the room, sight-unseen, and would have her 'last employer' cut me a check -- if I would be so kind as to send her a check for the change after deposit and first month's rent was taken out. This American native's English was pretty atrocious, adding even more suspicion...

[Adrian Cho]

The key with most of these things to determine if they are legit, is to look at the links in the message. Not what the label of the link says but the actual URL. And look at it very closely. Many of them will use little tricks and embed the name such as "PayPal" in the URL but if you look closely it's not actually going to paypal.com but somewhere else.

[Moo]

Quote:

Originally Posted by Johono5

Ha! And by simply making the test changes to my account yesterday, I have apparently opened myself up for more badly-spelled, highly-suspicious scam emails from PayPal phishers.

Anything you do with paypal is unrelated to the spam you're getting. It's just a coincidence.

A good solution, although rather difficult for most people, is to have a separate email address for all the businesses you deal with. For example use paypal@mydomain.com for paypal and me@mydomain.com for regular email. If I see email to me@mydomain.com claiming to come from paypal, chase or citibank or whatever scam I immediately know it's fake.