
Writer's Notes - By Jeanne Dininni

 
WritersNotes.Net: Helping Writers Follow Their Dreams Through Information, Inspiration, and Encouragement!

Warning: Watch Out for Phishing E-Mails!

October 29th 2007 12:38

Problems With My PayPal Account?

A few days ago, I received a very official-sounding e-mail informing me that there were some problems with my PayPal account. Being the analytical type, I read it very carefully, and, while it was quite expertly written--and contained neither the spelling nor grammatical errors usually found in phishing e-mails--something about it didn't seem right, from the very beginning. And the more I read, the more I knew something wasn't right. I've reproduced the e-mail below. See whether you can figure out what's wrong with it--or what could possibly be wrong with it, based on whether or not certain actions had actually occurred. (There are several clues that this e-mail is not legit.)



From: Service PayPal <name@emailnet.com>
Date: Oct ##, #### #:## PM
Subject: Message from support, please Confirm your information!
To: othername@email.com


Dear PayPal Member,

As part of our security measures, we regularly screen activity in the
PayPal system. We recently contacted you after noticing an issue on your
account.We requested information from you for the following reason:

We recently received a report of unauthorized credit card use
associated with this account. As a precaution, we have limited access to your
PayPal account in order to protect against future unauthorized
transactions.

Case ID Number: PP-###-###-###

This is a reminder to log in to PayPal as soon as possible.

Be sure to log in securely by opening a new browser window and typing
the PayPal URL. Once you log in, you will be provided with steps to
restore your account access. We appreciate your understanding as we work to
ensure account safety.

Click here to restore your account access. [NOTE: Link deactivated. Basic URL formatting follows, but with extra spaces added to avoid creating an actual, albeit non-functional, link: "http:// ###.###.###.## / libsh.so / paypal / login.htm"]

In accordance with PayPal's User Agreement, your account access will
remain limited until the issue has been resolved. Unfortunately, if
access to your account remains limited for an extended period of time, it
may result in further limitations or eventual account closure. We
encourage you to log in to your PayPal account as soon as possible to help
avoid this.

To review your account and some or all of the information that PayPal
used to make its decision to limit your account access, please visit the
Resolution Center. If, after reviewing your account information, you
seek further clarification regarding your account access, please contact
PayPal by visiting the Help Center and clicking "Contact Us".

We thank you for your prompt attention to this matter. Please
understand that this is a security measure intended to help protect you and your
account. We apologize for any inconvenience.

Sincerely,
PayPal Account Review Department
----------------------------- ----------------------------- ------

PayPal Email ID PP###


What's Wrong With this E-Mail?

1. First of all, while it says that it's from "Service PayPal," the e-mail address isn't a PayPal e-mail address. (You won't always be able to go by this, however, since there are ways of making the e-mail address appear legit.) In this case, though, the e-mail address was a dead giveaway once I examined it. So, do pay attention to the e-mail address, since it can be one way of recognizing a phishing e-mail. (Notice, also, that the "From" e-mail address is in a pale gray font that doesn't really stand out, which they hoped would prevent me from noticing it.)

The e-mail also isn't addressed to me--a safe bet that it was sent to a "cover" e-mail address and "BCC'd"--distributed via Blind Carbon Copies, a practice which hides the copy recipients' e-mail addresses--to a group of different people at the same time. (Sounds exactly like a mass phishing expedition, to me.)

2. Next, the e-mail claims that the company has contacted me about an issue with my account and requested information from me about the matter. As you might well imagine, I was never actually contacted about any such matter. (I suppose they were hoping that, though I would realize that I hadn't had any previous contact about this matter, I would be very eager to clarify that fact, as well as to straighten out the "issue on my account" by contacting "PayPal" immediately.)

3. You'll notice that this particular phisherman actually cleverly advises me to be sure to "log in securely by opening a new browser window and typing the PayPal URL." This makes him sound very official and totally legit. Yet, after a few more reassuring sentences about how my account access will be restored and how they're working to ensure the safety of my account, the very next thing he does is provide a convenient link whereby I can "Click here to restore (my) account access." (He hopes that, by this time, he's built my trust sufficiently to actually get me to click the link--which, by the way, would not have taken me to the PayPal site.)

The next paragraph then very subtly tries to pressure me into acting now--before I've had a chance to give the matter sufficient thought--by threatening continued limitation of account access and eventual account closure.

4. Another clever move this individual makes is to deftly disguise the website URL, making it appear to be the PayPal login page. When I passed my cursor over the link to check it out, I saw that the URL consisted of an IP address made up of a series of numbers followed by "/(subdomain).so/paypal/login.htm". (Again, you won't always be able to tell this way, since there are apparently some rather sophisticated methods of making a website URL appear to belong to a site other than the one it actually belongs to.) But, in this case, I could see that the real domain was represented by the series of numbers, which, of course, I would have no way of recognizing. This person has likely done nothing more than name one or more pages on his website "paypal/login.htm".

This e-mail manages to match the business-like tone of a legitimate e-mail one might receive from PayPal, one's bank, or any other financial institution. This is what makes it so potentially dangerous. And this is why you need to be extremely careful to check such e-mails closely, rather than mindlessly following their instructions.
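For readers who like to see such checks written down, here is the list above as a short Python script. It is an added example, not part of the original post or anything PayPal publishes. The sample message is constructed from the e-mail quoted earlier, 192.0.2.10 is a reserved documentation address standing in for the masked host, and the recipient address and the `paypal.com` allow-list are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND = "paypal"
BRAND_DOMAIN = "paypal.com"  # assumption: only domain accepted as genuine

# Constructed sample modelled on the quoted e-mail (addresses are the post's
# own placeholders; the IP is a documentation address, not the real one).
SAMPLE = """\
From: Service PayPal <name@emailnet.com>
To: othername@email.com
Subject: Message from support, please Confirm your information!
Content-Type: text/html

<p>Dear PayPal Member,</p>
<p>We recently contacted you after noticing an issue on your account.</p>
<p><a href="http://192.0.2.10/libsh.so/paypal/login.htm">Click here</a> to
restore your account access.</p>
"""

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_message(raw, recipient, full_name):
    """Return the warning signs from the list above found in one message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []

    # Clue 1: display name claims the brand, address domain does not.
    display, addr = parseaddr(msg.get("From", ""))
    if BRAND in display.lower() and not in_domain(addr.rpartition("@")[2], BRAND_DOMAIN):
        findings.append("from-domain-mismatch")

    # Clue 1 (second half): "To" is a cover address, so we were BCC'd.
    if parseaddr(msg.get("To", ""))[1].lower() != recipient.lower():
        findings.append("not-addressed-to-recipient")

    # The sender does not know the account holder's name.
    if full_name.lower() not in body.lower():
        findings.append("generic-greeting")

    # Clue 4: the host is what counts; "paypal" in the path proves nothing.
    for href in re.findall(r'href="([^"]+)"', body):
        parts = urlsplit(href)
        host = parts.hostname or ""
        if is_ip(host):
            findings.append("link-host-is-ip-literal")
        if BRAND in parts.path.lower() and not in_domain(host, BRAND_DOMAIN):
            findings.append("brand-in-path-not-host")
        if parts.scheme != "https":
            findings.append("link-not-https")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE, "reader@example.org", "Jeanne Dininni"):
        print(finding)
```

An empty result does not make a message genuine, since the "From" address can be forged and a sender may know your name; the script only catches the clues discussed here.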


What Did I Do?

The first thing I did was log into my PayPal account (via my web browser rather than the link found in the e-mail) and check to see whether there was in fact any kind of hold on my account. And, guess what? No hold.

Next, I tracked down an e-mail address for PayPal that I could use to forward the fraudulent e-mail to the company. (This is one time I was glad I save and archive my e-mail.) It turned out that I had an e-mail from PayPal which discussed "spoof e-mail addresses" and "spoof websites." So I forwarded the e-mail to spoof@paypal.com, and this is the reply I received:


Dear Jeanne Dininni,

Thanks for taking an active role by reporting suspicious-looking emails.
The email you forwarded to us is a phishing email, and our security team
is working to disable it.

-------------------------
What is a phishing email?
-------------------------
Phishing emails attempt to steal your identity and will often ask you to
reveal your password or other personal or financial information. PayPal
will never ask for your password over the phone or in an email and will
always address you by your first and last name.

Take our Fight Phishing Challenge at
Really Long Link to learn 5 things you should know
about phishing. You'll also see what we're doing to help fight fraud
every day.

-------------------------
You've made a difference.
-------------------------
Every email counts. By forwarding a suspicious-looking email to
spoof@paypal.com, you've helped keep yourself and others safe from
identity theft.

Thanks,

The PayPal Team


What Should You Do?

First, you should take the Fight Phishing Challenge at PayPal. This is a five-question quiz that will test your knowledge of the subject, helping you learn some facts about phishing that can help you protect yourself. (Note: You won't need to log in to PayPal to access this quiz; so, even if you don't have a PayPal account, you'll be able to take the quiz and learn how to better protect yourself from online fraud.)

Next, you should read the following article to learn more about how to recognize spoof websites and find out how to further protect yourself from the fraudulent practice known as phishing: What is a "spoof site", what is "phishing" and why do I need to know about this stuff? (This article was posted back in 2004 but still contains extremely helpful information that goes deeper into the topic than I have here.) I should point out that this is an anti-PayPal site; but the information it contains about protecting yourself against online fraud is invaluable. (You'll also find an article on spyware here, which I haven't yet read, but which could also prove helpful.)

Then, you should be very alert and cautious whenever you receive an e-mail purporting to be from PayPal, your bank, or any other financial institution or website. Pore over it with a fine-toothed comb, looking for clues that would either confirm or deny its authenticity. Never click a link in an e-mail to get to a website where you need to perform a secure monetary transaction. Always use your web browser and preferably type in the URL yourself. (If you use the drop-down box beneath your browser window, confirm that the URL is correct before clicking it.)

Finally, you should report any such phishing e-mails to the company from which they claim to have come. Fraudulent PayPal e-mails may be sent to spoof@paypal.com. (Other reporting websites are listed in the article linked to above.)

Freelance writers often use PayPal to collect payment for their work. If this is one of your payment methods, be especially careful. Don't be the unwitting victim of one of these malicious phishing expeditions! Protect your information! (Remember: PayPal will never ask you for your password, Social Security number, credit card number, bank account details, or any other personal information in an e-mail [or during a phone call].) Be absolutely certain that you are on the legitimate--and therefore secure--PayPal website before revealing any of this information!

Also note that the individual who sent me the fraudulent "PayPal" e-mail didn't know my name. PayPal's legitimate e-mails always address me by name--though addressing me by name is not in itself proof that the e-mail is legitimate. It's always possible that a given internet scam artist has somehow managed to get hold of a potential victim's name--particularly if that potential victim happens to be someone who is rather high-profile, such as a blogger. So, beware! Check the e-mail for other clues, and if in doubt, don't respond to it.

Knowledge is power. Learn how to protect yourself from internet fraud!

Cautiously yours,
Jeanne







Did you enjoy this post? Learn anything? Have anything to add? Feel free to comment!



Comments
12 Comments.

Comment by Tracy

October 29th 2007 21:18
Hi Jeanne

I also received the same email and didn't do anything with it as I was suspicious that it was phony. This is really helpful info; I didn't know there was a place that we could report such emails to. I'll definitely be doing that in future.

Thanks,

Tracy

Comment by Jeanne Dininni

October 29th 2007 21:38
Hi, Tracy!

I'm glad you were alert enough to catch it! Good for you! These cyber-criminals are getting more and more sophisticated as time goes by, though, and making their fraudulent activities harder and harder to detect. So, we're the ones who have to make sure we're on top of the situation where our personal information is concerned.

The PayPal "spoof" e-mail address is the best place to send fraudulent PayPal-related e-mails; but there are a number of links at the other website whose article I've linked to in this post where you can send other phishing e-mails. (In fact, it might not be a bad idea to send the PayPal e-mails along to them, as well.)

If you haven't checked out this article, yet, I highly recommend that you do. It contains info on several ways to spot "spoof" websites--very valuable info!--and includes images showing you what to look for after right-clicking on a website to check its "Properties."

It also discusses how to tell if the little lock icon found on a website really means that the site is secure.

Thanks for the visit--and keep up the good work!
Jeanne

Comment by James Rickard

October 29th 2007 22:13
Thanks for the warning and information!!!

Comment by Jeanne Dininni

October 29th 2007 22:22
No problem, James!

I'm hoping that this info will help many people arm themselves against online identity theft!

Thanks for the visit--and the comment! I appreciate both!

Jeanne

Comment by AmyHuang

October 29th 2007 22:22
Technology is not perfect so it is indeed important for us users to know exactly what is going on and how to fight fraud.

Great post Jeanne!

Comment by Jeanne Dininni

October 29th 2007 22:32
So true, Amy!

While this post was very involved and took a great deal of time and work to write, if it helps even one person avoid online identity theft, it will have been more than worth it! (Though of course I hope it will prove valuable to many more than just one person!)

Thanks for your feedback!
Jeanne

Comment by dcr

October 30th 2007 04:52
If the eMail is addressed "Dear PayPal Member" instead of "Dear [Your Name]", it's almost always spam or phishing. PayPal knows your name but the phishers may not.

But, it is possible for a phisher to know your name too. Some spam harvesters may have collected your name along with your eMail address, so it's possible for a phisher to know your name.

I don't think I've ever seen an authentic eMail from PayPal that didn't include my name. When in doubt, enter the PayPal URL directly in your browser; never click the link in the eMail message!

Also, be on the lookout for DNS spoofing. I don't know if there have been any such incidents yet, but there have been warnings issued in the past about the possibility of spammers or phishers cracking a DNS server and redirecting traffic from real sites to their own phishing sites. So, were you to go to PayPal's site, they would redirect you to their own webpage that looks like PayPal's site, and you probably would never know the difference.

Mind you, I'm not sure if something like that has happened yet, but it's something to be mindful of and to watch out for in the future. Not just with PayPal, but with any site containing your personal information. It's probably a good idea to keep phone numbers for PayPal and other sites handy so that if you ever suspect that you may have logged into a fake site, you can call and see for certain, and maybe take appropriate action to protect your account(s). (That means write the phone numbers down NOW, because if you're on a fake site, you'll likely see fake phone numbers too!)

Comment by Jeanne Dininni

October 30th 2007 05:34
Hi, dcr!

Thanks for all that excellent feedback! It's true that, though e-mail phishermen usually won't know your name, there could be times when they will. So, you definitely can't let down your guard simply because you receive a PayPal e-mail that addresses you by name.

There are, however, ways to tell when you're on a spoof website, which is why I've included a link to the article about these sites and about phishing in this post.

A quick overview:

Once on a website, if you right-click the webpage you're on and then click "Properties," you'll learn two things.

First, you'll learn the actual URL of the website--regardless of what they may have done to hide or manipulate it to make it seem like another site. (Note: The PayPal site's "Properties" window shows that the site is in fact PayPal, because it shows the authentic PayPal URL.)

Second, you'll learn whether or not the internet connection to the site is encrypted. If it isn't encrypted, it's not a secure site and therefore cannot be the real PayPal website. (Try this by right-clicking this Writer's Notes webpage. You'll see the exact URL--in this case the URL to this particular blog post--and you'll also see that this site's connection is not encrypted.)

Aside from the "Properties" window, another way to tell whether you're on a secure site is that the lock icon will appear in the status bar at the bottom of the page. This is the only lock-icon location that indicates a secure site. If it's found anywhere else on the page, it means nothing. (Of course, it's possible that it could be found elsewhere on the page in ADDITION to the status bar--which is in fact the case at PayPal. But, if it's found ONLY on the web page and NOT in the status bar, the site is not secure.)

Apparently, some online con artists remove the status bar entirely to prevent visitors from noticing that the lock icon is missing. They then place an image of a lock somewhere on the web page to give the site a false air of legitimacy and security.

These things are so important to know! If you haven't yet checked out the article I've linked to in this post, you might want to. That's where I got all this valuable information. It explains and shows images illustrating the steps you can take to keep your personal information safe from unscrupulous scammers.

Thanks for your input, Dan!
Jeanne

Comment by Lillie Ammann

October 31st 2007 15:25
My first experience with a phishing e-mail happened right after my mother died in 2003. My sister and mother lived together and shared the same e-mail address. Mama was in the hospital for several days before she died, and my sister hadn't checked e-mail during that time.

The day after the funeral when I was still at her house, she was catching up on her e-mail and found a message purportedly from Best Buy about a problem with an order. Since the message had been there from just a day or so after my mother entered the hospital, my sister thought my mother had placed an order before she got sick. She clicked on the link and it took her to a different URL than the one in the message. Fortunately, it had been long enough between the original message and the time my sister responded that the scammers had shut down the site and moved on.

These guys set up a site, send millions of e-mails, get all the victims they can, and shut down and move to a new address in a few days to avoid getting caught. Phishers have become much more sophisticated in the last four years, as demonstrated by the message you have posted above.

Comment by Jeanne Dininni

November 1st 2007 00:20
Hi, Lillie!

Thanks so much for sharing your sister's experience with us! It's quite a hair-raising cyber story, when you think of how badly things might have turned out had the site not already been shut down by the time your sister responded! (I can't help but wonder, though, if maybe someone didn't actually report this website to the web host, which may have been the entity that actually shut it down.)

There are so many good yet gullible people in this world who unwittingly do great harm to themselves by trusting people they shouldn't because they themselves would never think of doing such things and therefore they don't even entertain the thought that other less-scrupulous people would.

You are certainly right that these cyber scammers are becoming more sophisticated, and it's definitely becoming more and more difficult to tell that their e-mails and websites are not the "real deal." But, there are ways to tell, and we can only do our best to educate others, hopefully helping to prevent them from becoming the prey of such dishonest individuals.

We must always be on our guard wherever online financial transactions are concerned--and of course, whenever we receive any e-mail that claims to relate to any type of financial transaction. It's absolutely crucial never to click a link in an e-mail that claims that it will take you to a website where you'll be able to complete any sort of "secure" financial transaction or where you're expected to "update" your personal information. I always pass my cursor over the link to see where it would have taken me before I DON'T click on it!

Incidentally, in the case of unfamiliar web addresses that you type into your browser or copy and paste there, if you'll pass your cursor briefly over the "Go" button or arrow before clicking, you'll be shown what web address you'll actually be taken to if you click "Go." (I just learned this the other day. I'd never noticed it before.) This is extremely valuable in cases where clicking a certain URL is actually designed to redirect you to an entirely different web address, hiding the fact that you aren't actually going to the website that you think you are.

(In the case just mentioned, I had actually been redirected to a site which supposedly sold cheap cigarettes. Maybe it was legit; maybe not. But I can't help but wonder why they would have needed to masquerade as an affiliate tool website in order to force traffic to their site if they were indeed honest businesspeople.)

There are many tools at our disposal that can help us to avoid being the victims of online fraud. But, we need to be informed that they exist and how we can best use them to protect ourselves and our vital personal information.

Thanks so much, Lillie, for your very valuable input on this issue!

Jeanne

Comment by Paranaque Scandal

February 18th 2008 09:21
great post. i liked it... Like the Paranaque Scandal...

Comment by Jeanne Dininni

February 18th 2008 11:00
Hi, PS,

Glad you liked it. Thanks for the visit!

Jeanne

Moderated by Jeanne Dininni
Copyright © 2006 2007 2008 On Topic Media PTY LTD. All Rights Reserved. Design by Vimu.com.