Fraud involving PayPal name

We all know better than to give out ANY information…but this email I received reminded me to point out to some people who aren’t as computer savvy that crooks are getting craftier. My mother might very well have fallen for this because it looks legit.

Email came from ‘services@paypal.com’ (Beth was it YOU who showed me that any Email address could be put in there?) and stated that I need to reregister. It provided me with a nice ‘blue clicky’ that appeared to be a PayPal address. The webpage requested all the really good information, email, password, “bank’s account number”, social security number, credit card numbers and expiration dates.

The crafty part was that ALL THE LINKS on this web page were legitimate PayPal links, just as all the PayPal spiel at the bottom of the email was genuine PayPal spiel, with what is probably their preferred fonts and clipart.

There was one interesting typo where it said to “Click There” instead of “Click Here”, and all the words ‘you’ were capitalized as ‘You’. There were sentence fragments and exclamation marks.

Point out to those you know aren’t highly skeptical that there is NO REASON AT ALL to give out sensitive information to ANYONE who asks for it. EVER. Legitimate companies use proper English when they contact you (remember that you’re grammar teacher said that spelling and grammar mattered? She was right!) and use exclamation marks sparingly if at all.

Tyghress
…And I go on, pursuing through the hours,
Another tiger, the one not found in verse.
Jorge Luis Borges

[ This Message was edited by: tyghress on 2003-02-01 21:59 ]

(Yes, Tyg, it was me.)

I’ve heard of something similar - could be the same scam - where the clickable link they sent you used a capital I instead of a lowercase L - in certain fonts, they look the same.

My guidelines for any online site that handles my money or other sensitive information:

1. ALWAYS question it if they request further information from you via email.

2. NEVER use the links they provide unless you are 110% positive it’s legit. If paypal contacts you, take 5 seconds and type in the paypal URL yourself. Then you know you’re at the right site and not a slick imitation.

Wow you guys, thanks for pointing this out. In a sleepy moment of checking my email I may have just fallen prey to this type of scam. Now that I know it is out there, I will certainly be more careful. I cannot believe the lengths that people will go to to rip off another person.

Cheryl (feeling very humbled and nieve)

I’m sorry, but that’s just really disgusting.

R.

Someone I know got burned by this scam. He clicked the links, got what looked like the paypal site with the paypal-looking www.address, and re-entered his credit card info as requested. He thought nothing of it until his credit card bill arrived and he found that he’d been charged for transactions in France, where he had never been! Of course, it was reversed throught the credit card company in the end, but still he had to get a new card, etc.

All the addresses looked legit, although I suspect if you look at the address it will be http instead of https (secure). The complete and careful action is to go directly to paypal’s site through your regular means, log in as usual, confirm the https in the address, and THEN see if they themselves are asking for current info.

Hey, if Dale can spoof a CNN site, then people can spoof a Paypal site, too. Come to think of it, Dale has been living the luxurious lifestyle lately…

Jef

I’ve had three or four of these emails. The first time it almost got me. Since then I go to the link page and fill in all the blanks with things like:

You guys are really jerks.
Mail fraud is a federal crime.
You are working hard to get what you deserve!
I bet you look good in stripes.
I’ll be laughing when they catch you.

You get the idea. Don’t know if it does any good but it makes me feel better!!! :>

Frank

Yes, did a bit of searching on this and it is right, it is paypai.com – and as pointed out the ‘i’ looks like an ‘l’ (don’t try going to ‘paypai.com’, it just redirects you to popup-hell.

See ZDNet](http://news.zdnet.co.uk/story/0,t269-s2080344,00.html%22%3EZDNet) Story for more details.
Wow, I’ve just realised that link is 3 years old!

(edited to make the link work)

[ This Message was edited by: fatveg on 2003-02-02 00:24 ]

[ This Message was edited by: fatveg on 2003-02-02 00:36 ]

Wow, makes me glad that I stick with the 'ole money order.

Sentence fragments with exclamation points?

Did it EVER say, ‘reregister or BAN!’?

Very interesting.


Stuart

Wow, this is a nasty one!
So I looked at the code for this one, and it seems to be a direct copy of the ‘paypai’ one from 3 years ago. This time you are re-directed to “http://log-in.itgo.com/” (despite the fact that it shows ‘paypal’ in blue underline, doesn’t mean that’s where it takes you. For instance, this link will take you to www.chiffandfipple.com honest! (It’s safe to try…)

Ugh, you said it was safe to try!

Another place to go if you want to see what’s really what in the world of scams is
http://www.urbanlegends.com
They cover such things as the “Bill Gates will send you a million dollars”, “Help Little Johnny get a million emails”, etc. ad infinitum stuff.

PayPal, AFAIK, will never ask you to reregister or to confirm anything you’ve told them once. You have to take action, yourself, to change things. They (and other sites) will send you reminders when a CC you’ve registered with them is about to expire, but that’s about all.

Be careful out there!
serpent

-Got something like it purportedly from the United Airlines web site, asking me to “update” my account with current billing information. No dice!

I just recently bought something with Paypal. They keep sending me email to complete my registration. Did I get scammed? How do I find out? The people that I purchased from, sent me an email saying that my purchase had gone through. Now I’m scared. Any suggestions?

Catherine, your purchase DID go through. As long as you didn’t ‘complete the registration’ you’re in the clear. What you’re seeing in your email is NOT from Paypal.

When in doubt… send the money to me. I’ll sort things out for ya!

Here’s](https://www.paypal.com/cgi-bin/webscr?cmd=_contact-general-submit&flow=sa_email&opt1=sa&opt2=email%22%3EHere%27s) a link to paypal’s contact section for reporting suspicious emails.

Also, many companies have an email account setup called abuse - abuse@amazon.com, abuse@paypal.com, etc — I don’t know that there really is one at paypal but whenever I get something like that I try forwarding it to abuse@whoever to see if there’s an account there. Usually they want to know about these scams.

Worst that happens is the email bounces back to me.

[ This Message was edited by: avanutria on 2003-02-02 16:51 ]

I think I did complete a registration. I’m sure that I didn’t give my SIN number or bank information though. I went back to look at my email and I’ve got one here that comes from service@paypal.com. It is saying that my payment is being confirmed. Then it goes on to say that when I verify my PayPal account by registering and confirming my checking account it will increase the security of the payments network. It also says that when you go onto the PayPal page it has to start with “https” that the “s” means that it is on a secure page. I have no idea what’s going on now. I sent an email to that link to complain, all I got back was a ready-made letter response. I think this ends my days of buying things on-line.

Don’t worry Cath, I think you’re alright.

From Paypal:

Top Questions

What does it mean to be a Verified member of PayPal?

A Verified PayPal member is a U.S. account holder who has added and confirmed a bank account. Because Verification increases the security of the PayPal network, Verified members are able to:

…Lift their sending and withdrawal limits
…Send payments instantly using a checking account
…Become eligible for the Seller Protection Policy
…Increase credibility with sellers and/or buyers, since being Verified means they have confirmed ownership of a bank account

As far as I know, this is not something that is mandatory. I don’t think I verified myself till last year and I’ve been on paypal for a long time - though I primarily use existing funds from ebay sales and the like, instead of linking a credit card to my account.

To address your comments:

It is saying that my payment is being confirmed.

That’s basically all you need to know in that email.

Then it goes on to say that when I verify my PayPal account by registering and confirming my checking account it will increase the security of the payments network.

They want you to get verified but it’s not required. That’s just a reminder in the email.

It also says that when you go onto the PayPal page it has to start with “https” that the “s” means that it is on a secure page.

That’s a way to double check that you’re on the paypal site instead of a cheap knockoff, but I don’t know that imitators can’t get secure status.

I have no idea what’s going on now. I sent an email to that link to complain, all I got back was a ready-made letter response.

I’m betting that response was something like “we received your email. Check out our help page to make sure your question hasn’t already been answered, and we’ll get back to you in a few days.” Standard automatic response, to let you know that they got your email, and to try to weed out the more common questions by directing you to the help page.

–Beth

Edited to add - since you’re in Canada, and Paypal says verified folks have to be US account holders, I’m not sure that you even CAN get verified. So don’t worry about it!

[ This Message was edited by: avanutria on 2003-02-02 17:43 ]

CatherineQ wrote:
…I think this ends my days of buying things on-line.

…would you feel safer buying at night?

On a serious note:
Whenever possible, I call vendors directly and make the transaction there instead of online.
For online purchases and daily ATM transactions (grocery, gas, etc.) I keep one checking account with a small balance seperate from my main checking account.