Paypal Scam

[jonthebhoy]

Today I received the following email, supposedly from Paypal. I was suspicious and forwarded it to Paypal themselves. They have confirmed that it is a fraud. In light of the recent problems that Joshua and Jay & Angel have experienced, it is clear that we should be even more vigilant about protecting ourselves.

--------------------------------------------------------------------------------

Security Center

Military Grade Encryption is Only the Start

At PayPal, we want to increase your security and comfort level with every transaction. From our Buyer and Seller Protection Policies to our Verification and Reputation systems, we'll help to keep you safe.

PayPal is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, PayPal employs

some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity.

Recently, our Account Review Team identified some unusual activity in your account. In accordance with PayPal's User Agreement access to your account will be limited. This is a fraud prevention measure meant to ensure that your account is not compromised.

In order to secure your account we may require some specific information from you. We encourage you to log in by clicking on the link below and complete the requested form as soon as possible.

Scam link removed for safety reasons.

Ignoring our request, for an extended period of time, may result in account limitations or may result in eventual account closure.

Thank you for your prompt attention to this matter. Please understand that this is

a security measure meant to help protect you and your account.

We apologize for any inconvenience.

Sincerely,

PayPal Account Review Department

PayPal Email ID PP4392

--------------------------------------------------------------------------------

*Please do not respond to this e-mail as your reply will not be received.

JTB

[ratchpot]

Thanks for the heads up. You might want to deactivate the link in the text you quoted.

[Pugwash]

Thanks for the heads up. You might want to deactivate the link in the text you quoted.

That links to the real pp site. In the phish mail, it'll have an "onclick" sending to a different address.

[ehtolcad]

@jtb thanks for the heads up

edit: other thing was taken care of

Edited April 16, 2006 by ehtolcad

[jonthebhoy]

Thanks for the heads up. You might want to deactivate the link in the text you quoted.

Fair point, although I would hope no-one would be silly enough to use it.

JTB

[jonthebhoy]

Link removed.

[Pugwash]

Link removed.

Why? The link wasn't dangerous.

[jonthebhoy]

Why? The link wasn't dangerous.

I guessed so, but hey a link removal a day keeps the doctor away! Nah?

JTB

[Pugwash]

I guessed so, but hey a link removal a day keeps the doctor away! Nah?

In that case, I will explain to the readers why the link can look real in an email and not necessarily be real. If a link looks like the one JTB posted, which was the regular https://www.pp.com/cgi-bin/webscr?cmd=_login-run you need to visit to login to pp, then sometimes a different address can be hidden behind it. So, even though a link can look like the genuine pp link, it can actually link elsewhere, much like this:

https://www.pp.com/cgi-bin/webscr?cmd=_login-run

As you can see, the text is the same as the pp link above, but the link behind it can be something very different indeed. Oh, the site behind that link is perfectly safe, by the way. I'd not be that evil.