In the last few days I’ve received some spam e-mail messages reporting to be confirmations of items purchased via eBay. I haven’t seen this type of scam before.
I preview my messages with a program called Mailwasher so I can decide if I want to delete the mail without actually loading them to my computer.
It appears the messages have a link that takes you to a (false) PayPal website for confirmation/payment.
I haven’t actually downloaded the e-mail and gone to the website but I suspect that it works this way:
Someone who gets this e-mail realizes the purchase isn’t theirs… they go to the website, select a menu option ‘cancel this transaction’ then enter their PayPal name and password to cancel… voila! the bad guys now have enough information to empty money in your PayPal account.
Yes, it’s called Phishing (pronounced “fishing”), and it’s growing at an alarming rate. Never, ever give out any information in an email, or on a website linked in an email.
Forward any phishing emails to the appropriate email address, such as abuse@ebay.com, or abuse@paypal.com, to report these scams.
I am really angry at this scam, which looks slicker each time it’s attempted. I just got an email from “Earthlink”, which looked like Earthlink and passed the address verify link. It asks to verify credit card info. I was almost burned once and I won’t get burned again, and called Earthlink when it passed the verify test. Well, it’s not Earthlink(surprise, surprise). I’m starting to get paranoid about checking my e-mail.
I think it’s a good idea to use a seperate, low limit credit card for internet service and online shopping. And never give out credit card info when an email asks for it. And hide behind a screen name. And wear a Zorro mask. And talk with an accent. And don’t sew your name in your underwear, for God’s sakes!
I keep two Earthlink e-mail addresses. The main one is only for their billing info and the second is my ‘normal’ operations.
It appears those spammers have an inside connection to Earthlink because they only send them to my main (billing) e-mail address.
If you use Earthlink’s webmail interface to check your account you will see all ‘real’ e-mail from earthlink has their logo imbedded into the header of the messages.
All those ‘Your credit card was declined’ messages haven’t had the logo… at least not now they don’t. It won’t suprise me if they figure it out. In the mean time, I’m deleting the mail. The way I figure it… if they shut off my internet service then it’s for real!