PayPal phishers

I got an email from the ‘PayPal Confirmation Center’ today.

We recently noticed an attempt to log in to your PayPal account from a foreign IP address and we have reason to belive that your account was used by a third party without your authorization.

If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. Therefore, if you are the rightful account holder, click on the link below to log into your account and follow the instructions.

If you choose to ignore our request, you leave us no choice but to temporarily suspend your account.

I was pretty sure that this was just another set of crooks trying to get financial information out of me, so I checked at the real PayPal site, and they have a page that confirmed I was right.

What to watch out for

1. Generic greetings. Many spoof emails begin with a general greeting, such as: “Dear PayPal member.”

2. A false sense of urgency. Most spoof emails try to deceive you with the threat that your account is in jeopardy if you don’t update it ASAP.

3. Fake links. The text in a link may attempt to look valid, then send you to a spoof address. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. If the link looks suspicious, don’t click on it. And be aware that a fake link may even have the word “PayPal” in it.

Most of us probably get these sometimes, generally claiming to be from banks that we don’t even have accounts with. It doesn’t take long to learn to spot them, and I’d normally just delete them (often without even bothering to open them) and forget about it. But this email looks really plausible to the inexperienced or unwary. In the header, it purports to come from the domain (only theURL in the link that it directs you to to give them your details looks fishy). It’s literate. It has the right logos.

A lot of you reading this probably have a PayPal account. And some of you might not have encountered these sort of scumbags before; everyone has to have a first time. So watch out.

Some links
Phisher scams
Anti-Phishing Working Group
Spoof email tutorial

This entry was posted in General. Bookmark the permalink.

2 Responses to PayPal phishers

  1. I periodically get these from PayPal and from eBay. My theory is that if they don’t even know my name to be able to address the e-mail to me personally, then it has to be bogus. I also get similar ones from random internet banks telling me I haven’t been able to log into my account – when I have no account with them. I ignore all this stuff, too, but it is remarkable how realistic/official some of them look.

  2. profgrrrrl says:

    Yes, i got one of these recently. They are getting better and better at making them look real, so I wonder how many people are getting duped.

Comments are closed.