Pay Pal Warning

[dr_mabeuse]

This morning I got a very official looking announcement from Pay Pal saying they had detected unusual activity on my account from Germany, and to protect my account they had shut it down and I would have to re-activate it. Re-activtivation involved entering all my personal data and credit card number in another, very official-looking site.

I was halfay through filling it out when I studdenly got suspicious, especially because the URL at the top of the information page was "www/hidehunt" or something. I called Pay Pal and they told me that yes indeed, this was a spoof email by someone trying to get credit card information.

If I hadn't happened to check the URL, and if a friend hadn't scared me the other day with tales of her personal experience with identity theft, I proabbly would have gone ahead and resubmitted the information. The email and info site looked that official.

I know this isn't a very authorly topic, but I'm a trusting soul and I was really shocked. It was a very good scam. Be warned.

---dr.M.

 

[Guest]

kudos for the heads up.

glad you took the time to check it out DrM... this has been a problem of epic proportions in the last year. even i got a note similar to yours, sometimes, being lazy can be a good thing. i never did look into it because i was too busy with other things to be bothered.
its scary how easily some people can be misled by an official looking email.

 

[impressive]

This morning I got a very official looking announcement from Pay Pal saying they had detected unusual activity on my account from Germany, and to protect my account they had shut it down and I would have to re-activate it. Re-activtivation involved entering all my personal data and credit card number in another, very official-looking site.

I was halfay through filling it out when I studdenly got suspicious, especially because the URL at the top of the information page was "www/hidehunt" or something. I called Pay Pal and they told me that yes indeed, this was a spoof email by someone trying to get credit card information.

If I hadn't happened to check the URL, and if a friend hadn't scared me the other day with tales of her personal experience with identity theft, I proabbly would have gone ahead and resubmitted the information. The email and info site looked that official.

I know this isn't a very authorly topic, but I'm a trusting soul and I was really shocked. It was a very good scam. Be warned.

---dr.M.

Phishing.

 

[china-doll]

This morning I got a very official looking announcement from Pay Pal saying they had detected unusual activity on my account from Germany, and to protect my account they had shut it down and I would have to re-activate it. Re-activtivation involved entering all my personal data and credit card number in another, very official-looking site.

I was halfay through filling it out when I studdenly got suspicious, especially because the URL at the top of the information page was "www/hidehunt" or something. I called Pay Pal and they told me that yes indeed, this was a spoof email by someone trying to get credit card information.

If I hadn't happened to check the URL, and if a friend hadn't scared me the other day with tales of her personal experience with identity theft, I proabbly would have gone ahead and resubmitted the information. The email and info site looked that official.

I know this isn't a very authorly topic, but I'm a trusting soul and I was really shocked. It was a very good scam. Be warned.

---dr.M.

This is quite common now. No legit website will ask you for information in an e-mail because it is not a secure location. They will all direct you back to their own website and have you log-in to your account if any information has to be updated. And don't follow the link in a e-mail because it may go to a dummy site that looks just like the real one. Punch in the sitename yourself in your browser and and then login and make any changes if they are even required.

 

[patricia51]

Also, any email that describes you "generically"...i.e. "Ebay user" or "paypal user" or just by email address and not by user name is suspect. Sometimes they can use floating email addresses that look as if you're being directed to the actual site but your not, or you are but you're "tagged" and a hidden window opens that copies your data.

The best advice is as China says. Always go to the site from another browser window and check in there. Make SURE it says "https" for a secure site. Phishing is reaching overwhelming proportions. DON'T be a victim.

 

[English Lady]

I get millions of those paypal and ebay ones. the very first one did worry me but now I don't even look. woe betide they ever email me legitimately *L*

 

[shereads]

I had something similar from an outfit claiming to be Merryl Lynch (or its ilk; can't remember the name now) asking me to update my account records with new financial information.

I don't have any account with them. The second clue was, again, their e-mail address. It was a Yahoo account.

 

[shereads]

Another way to be screwed is to be one of the million-plus Bank of America customers whose account information including social security numbers were on some data tapes that were lost ("not stolen") in transit.

We might as well just pool everyone's confidential information in a vast online grab-bag and get it over with.

Let's see...Here's how it could work: When you need to make a major purchase - car, refrigerator, house - you visit this universal potluck credit site and select a social security number or its non-U.S. equivalent entirely at random. For the next 48 hours you're stuck with the credit rating and liquid assets attached to that account. If you drew my identity, tough luck. If you drew Richard Branson or Oprah Winfrey, you're good to go.

 

[English Lady]

Oh and whilst we're on the subject..can someone inform the idiots who think I have an account with Washington Mutual that I haven't. I am getting 3/4 emails a day mythering me for my details just recently.

Damn spam.

 

[Belegon]

The "phishing" thing has hit all the major US banks EL. I have seen very good ones for WaMu, Wells Fargo, B of A, Bank One and Citiibank.

Don't respond to any of them. Your bank will NEVER contact you this way.

 

[Pure]

NOTE:

To underscore what some have said. This isn't peculiar to Paypal. Any legit site may be copied (with some almost unnoticeable variation), but it Sears, Bank of America, America Online, etc. So emails that are even a little 'phishy' should be ignored or reported.

Since many companies have a 'click on' feature in their advertising (hotlink), this feature is also copyable by someone else asking you to click on XX, and where it will take you is not necessarily where you think.

 

[patricia51]

For a wealth of good information on the scams and how to avoid and report them, the Anit-Phishing Work Group has an excellent Web site. Additionally the same site covers "Pharming" which is the use of spyware to redirect you from the real site to a fraudulent one.

http://www.antiphishing.org/

 

[patricia51]

Oh and whilst we're on the subject..can someone inform the idiots who think I have an account with Washington Mutual that I haven't. I am getting 3/4 emails a day mythering me for my details just recently.

Damn spam.

No EL...its Phishing. Washington Mutual is the very latest spoof mention at the website, along with Paypal, South Trust, Huntington and Key Banks.

 

[English Lady]

No EL...its Phishing. Washington Mutual is the very latest spoof mention at the website, along with Paypal, South Trust, Huntington and Key Banks.

oooh i see....well i don't 'cos the phishers are baiting the wrong phish here *L*

 

[English Lady]

The "phishing" thing has hit all the major US banks EL. I have seen very good ones for WaMu, Wells Fargo, B of A, Bank One and Citiibank.

Don't respond to any of them. Your bank will NEVER contact you this way.

Ahhh they must think I'm American...or at least wealthy enough to have a bank account in another country.


thanks for the info Belegon

 

[shereads]

The "phishing" thing has hit all the major US banks EL. I have seen very good ones for WaMu, Wells Fargo, B of A, Bank One and Citiibank.

Don't respond to any of them. Your bank will NEVER contact you this way.

I had a Citibank one a while back with a logo that looked like I had drawn it in MacPaint. It was as authentic as the hand-drawn "state seal" on the famous letter by which the USA and Britain were persuaded that Saddam Hussein was buying uranium from Nigeria.

So I've decided to invade Citibank.

 

[yui]

This morning I got a very official looking announcement from Pay Pal saying they had detected unusual activity on my account from Germany, and to protect my account they had shut it down and I would have to re-activate it. Re-activtivation involved entering all my personal data and credit card number in another, very official-looking site.

I was halfay through filling it out when I studdenly got suspicious, especially because the URL at the top of the information page was "www/hidehunt" or something. I called Pay Pal and they told me that yes indeed, this was a spoof email by someone trying to get credit card information.

If I hadn't happened to check the URL, and if a friend hadn't scared me the other day with tales of her personal experience with identity theft, I proabbly would have gone ahead and resubmitted the information. The email and info site looked that official.

I know this isn't a very authorly topic, but I'm a trusting soul and I was really shocked. It was a very good scam. Be warned.

---dr.M.

Forward any suspicious PayPal emails to spoof@paypal.com. Forward in their entirety without altering the body of the letter or the subject line. They're trying to shut these spoofers down and the more info/links they have, the more they have to work with. So, report the spoofs!

eBay has the same problem with spoofers. Be leery of anything from eBay and forward (without changing anything) suspicious eBay emails asking for account info to spoof@ebay.com.

This kind of thing makes me nuts. It's just mean.

Luck,

Yui

 

[Weird Harold]

This morning I got a very official looking announcement from Pay Pal saying they had detected unusual activity on my account from Germany, and to protect my account they had shut it down and I would have to re-activate it. Re-activtivation involved entering all my personal data and credit card number in another, very official-looking site.

I got two very official looking e-mail claiming I needed to re-establish my online PIN for online VISA transactions.

They came from two different "official" looking addresses, but they came to my Juno.com e-mail which is used strictly for back-up purposes and hasn't been given as my e-mail address in years -- except when I expect the e-mail request to generate a lot of spam.

FWIW, you were lucky. Most Phishers are better at spoofing the address to look official.

The best advice if you get a request for information is to go to the insitutions website directly instead of using the links in the e-mail. Then even if you decide you do need to update the information, you can be reasonably sure that you're giving it to the right people.

 

[sweetnpetite]

The biggest and best advice- especially when you're online is "be suspicious of everything"

Sort of related- my boyfriend at one time got some official looking letters from "collection agencies" on a bill he owed. For whatever reason (I think he got two from two different agencies on the same bill) he checked into it and it was fraudulent. (This was not e-mail, this was reg mail.) We are careful now to shred anything that has so much as our name and address on it. Never throw away old bills or mail order reciepts without destroying them.

 

[Halo_n_horns]

This morning I got a very official looking announcement from Pay Pal saying they had detected unusual activity on my account from Germany, and to protect my account they had shut it down and I would have to re-activate it. Re-activtivation involved entering all my personal data and credit card number in another, very official-looking site.

I was halfay through filling it out when I studdenly got suspicious, especially because the URL at the top of the information page was "www/hidehunt" or something. I called Pay Pal and they told me that yes indeed, this was a spoof email by someone trying to get credit card information.

If I hadn't happened to check the URL, and if a friend hadn't scared me the other day with tales of her personal experience with identity theft, I proabbly would have gone ahead and resubmitted the information. The email and info site looked that official.

I know this isn't a very authorly topic, but I'm a trusting soul and I was really shocked. It was a very good scam. Be warned.

---dr.M.

I've gotten these sorts of things from both "e-Bay" and "Pay Pal" so many times that I can't begin to tell you how many I've received.

The real Pay Pal and the real e-Bay never ask for personal information, and you're the only one who can close your accounts with them unless you've violated their rules of conduct.

I usually just reply to them with "Cute scam. Now go away."

 

[BlackSnake]

This morning I got a very official looking announcement from Pay Pal saying they had detected unusual activity on my account from Germany, and to protect my account they had shut it down and I would have to re-activate it. Re-activtivation involved entering all my personal data and credit card number in another, very official-looking site.

I was halfay through filling it out when I studdenly got suspicious, especially because the URL at the top of the information page was "www/hidehunt" or something. I called Pay Pal and they told me that yes indeed, this was a spoof email by someone trying to get credit card information.

If I hadn't happened to check the URL, and if a friend hadn't scared me the other day with tales of her personal experience with identity theft, I proabbly would have gone ahead and resubmitted the information. The email and info site looked that official.

I know this isn't a very authorly topic, but I'm a trusting soul and I was really shocked. It was a very good scam. Be warned.

---dr.M.

I got that thing, saying that I had to update my paypal account or it will be cancelled. One of the things about paypal is that they won't do that....duh!

 

[davidwatts]

fbi

I got something from "the FBI" this morning saying I had been detected visiting 40 illegal sites and they wanted some information from me. I was disillusioned that there were only 40.

 

[BBWetKitty]

I always check out www.snopes.com when something looks suspicious.

 

[Belegon]

I had a Citibank one a while back with a logo that looked like I had drawn it in MacPaint. It was as authentic as the hand-drawn "state seal" on the famous letter by which the USA and Britain were persuaded that Saddam Hussein was buying uranium from Nigeria.

So I've decided to invade Citibank.

Remember, you can only invade them from 10-4 Monday thru Friday.

Unfortunately, most of them are excellent copies of the real websites. I know that She knows this, but just for good measure... I work in the financial services industry, and I promise everyone that no financial deposit institution will contact you in this manner and ask for this info.


On the other hand, if you call me...don't freak out when I ask for your name, ssn or account number so I can see your info. You called me, remember? Remember how I identified the company and gave you my name when I answered the phone? Remember how you got the number from the business card I gave you?

I actually had someone do this, get scared because I asked for her account number after she called me. guess she thought I should recognize her voice and be able to recall every detail based on it. Ya know what? I talk to hundreds of people every week. If I have not been helping you for a couple of years or with a very intense focus, I am not going to recognize your voice on the phone and I sure can not remember your account number.

Best part was when she hung up angry, called back and asked one of my employees for the manager. She was quite flustered to be speaking to me again when I picked up the line. Must have fed her fears of big brother.

 

[angelicminx]

This morning I got a very official looking announcement from Pay Pal saying they had detected unusual activity on my account from Germany, and to protect my account they had shut it down and I would have to re-activate it. Re-activtivation involved entering all my personal data and credit card number in another, very official-looking site.

I was halfay through filling it out when I studdenly got suspicious, especially because the URL at the top of the information page was "www/hidehunt" or something. I called Pay Pal and they told me that yes indeed, this was a spoof email by someone trying to get credit card information.

If I hadn't happened to check the URL, and if a friend hadn't scared me the other day with tales of her personal experience with identity theft, I proabbly would have gone ahead and resubmitted the information. The email and info site looked that official.

I know this isn't a very authorly topic, but I'm a trusting soul and I was really shocked. It was a very good scam. Be warned.

---dr.M.

Thanks for the heads up dr m... I would likely have done the same thing.