The Straight Dope

Go Back   Straight Dope Message Board > Main > General Questions

Reply
 
Thread Tools Display Modes
  #1  
Old 08-04-2011, 12:06 AM
Oslo Ostragoth Oslo Ostragoth is offline
Charter Member
 
Join Date: Feb 2004
Location: the Prairie
Posts: 6,728
Is this PayPal/SDMB thing legit or phishing?

I have a PayPal account that, as far as I can recall, has only been used to pay my SDMB subscription. I got this email:

"So we can continue providing you with your account information electronically please provide your consent to our Electronic Communications Delivery Policy. Log in to your PayPal account and follow the steps below.

Hello xxxxxxxxxxx,

PayPal is updating the way we send you your account information. Please agree to our Electronic Communications Delivery Policy today. This ensures that we can continue providing you with your account information electronically, including transaction receipts, account statements, and annual disclosures."

And so on and so forth.

What's going on here?
Reply With Quote
Advertisements  
  #2  
Old 08-04-2011, 12:12 AM
silenus silenus is offline
Hoc nomen meum verum non est.
Charter Member
 
Join Date: May 2003
Location: SoCal
Posts: 39,433
It a phish. If you check the url on mouseover, it doesn't go to paypal.com, but e.paypal.com.

Totally bogus. Delete it. Paypal will never contact you by email. They only contact you by message when you log in.

Last edited by silenus; 08-04-2011 at 12:13 AM..
Reply With Quote
  #3  
Old 08-04-2011, 12:20 AM
DMC DMC is online now
Charter Member
 
Join Date: Oct 2000
Location: Atlanta, GA
Posts: 3,549
Quote:
Originally Posted by silenus View Post
It a phish. If you check the url on mouseover, it doesn't go to paypal.com, but e.paypal.com.
Are you sure that it is e.paypal.com? If so, that's just a subdomain, so I'm not sure how this particular phishing method would work. If it's something like e-paypal.com, epaypal.com, e.paypal.com.something.com etc., then sure.
Reply With Quote
  #4  
Old 08-04-2011, 12:23 AM
DMC DMC is online now
Charter Member
 
Join Date: Oct 2000
Location: Atlanta, GA
Posts: 3,549
By the way, I'll agree that that message smells fairly phishy. I'm just confused on how that would work if the domain is actually what silenus stated.
Reply With Quote
  #5  
Old 08-04-2011, 12:24 AM
silenus silenus is offline
Hoc nomen meum verum non est.
Charter Member
 
Join Date: May 2003
Location: SoCal
Posts: 39,433
e-something. I checked it and deleted it because as I noted Paypal never contacts anyone by email. Ever.
Reply With Quote
  #6  
Old 08-04-2011, 12:29 AM
DMC DMC is online now
Charter Member
 
Join Date: Oct 2000
Location: Atlanta, GA
Posts: 3,549
Yes, if it is e-paypal.com, that's likely someone phishing. e.paypal.com, on the other hand, should be completely legit.

Oslo Ostragoth, if there are links in the email to "login" or "accept", etc., then probably a phishing attempt. If it just directs you to log onto paypal yourself, without any links to "help" you get there, probably legit.
Reply With Quote
  #7  
Old 08-04-2011, 12:34 AM
running coach running coach is online now
Charter Member
 
Join Date: Nov 2000
Location: Riding my handcycle
Posts: 14,268
Legit or not, you won't get in trouble by going to the site on your own(no link clicking) and login as you usually do.
Reply With Quote
  #8  
Old 08-04-2011, 12:38 AM
psychonaut psychonaut is offline
Guest
 
Join Date: Apr 2001
Quote:
Originally Posted by silenus View Post
e-something. I checked it and deleted it because as I noted Paypal never contacts anyone by email. Ever.
I don't know where you got this idea; PayPal contacts people by e-mail all the time for various reasons, such as when they've received a payment.
Reply With Quote
  #9  
Old 08-04-2011, 01:01 AM
johnpost johnpost is offline
Guest
 
Join Date: Jul 2009
if it's legit and you need to do something then when you log on to PayPal it will give you a message saying you need to do something.
Reply With Quote
  #10  
Old 08-04-2011, 01:08 AM
paperbackwriter paperbackwriter is offline
Straight Dope Science Advisory Board
 
Join Date: Apr 2001
Location: Connecticut
Posts: 1,698
Quote:
Originally Posted by silenus View Post
e-something. I checked it and deleted it because as I noted Paypal never contacts anyone by email. Ever.
BS. Paypal is actually asking for permission to do exactly that. If you're paranoid, instead of following any links in the e-mail, just type www.paypal.com into a new browser window and sign on. Lo and behold, you'll get a request to approve electronic document delivery.

Y'know, so Paypal has your permission to contact you by e-mail. But you don't have to take my word for it:
Quote:
Notices to You. We have modified our disclosures about the notices we send to you in Section 1, which we will now provide to you in a separate disclosure called “Electronic Communications Delivery Policy” which can be accessed by clicking on the Legal Agreements link at the bottom of the PayPal website. This policy describes how we communicate with you electronically, provides additional detail about the Communications we provide to you, and sets out the hardware and software you need to receive these Communications.
Reply With Quote
  #11  
Old 08-04-2011, 01:40 AM
BigT BigT is offline
Guest
 
Join Date: Aug 2008
It's legit. Go to Paypal.com manually, and they'll ask you the same thing.

BTW, e.paypal.com is their email sending server.

Last edited by BigT; 08-04-2011 at 01:40 AM..
Reply With Quote
  #12  
Old 08-04-2011, 02:26 AM
An Gadaí An Gadaí is offline
Guest
 
Join Date: Mar 2007
Quote:
Originally Posted by silenus View Post
e-something. I checked it and deleted it because as I noted Paypal never contacts anyone by email. Ever.
Yes they do, all the time.
Reply With Quote
  #13  
Old 08-04-2011, 05:52 AM
Shakester Shakester is offline
Guest
 
Join Date: Dec 2008
Yep, I get emails from PayPal too.

What they don't do is provide links in emails, so any email that asks you to click on a link to log in is bogus. But send emails? Of course they do.
Reply With Quote
  #14  
Old 08-04-2011, 06:07 AM
EvilTOJ EvilTOJ is offline
Guest
 
Join Date: Sep 2008
It's possibly a scam. I got this email too, complete with link to click. Only, I didn't get it to the email address I use with PayPal. When I went to paypal.com and logged in manually, I got;

Quote:
Electronic Communications Delivery Policy (E-Sign Disclosure and Consent)
We'd like to continue providing you information about your account electronically such as through email, web pages, and .pdf files.

In order for us to continue sending you information about your account electronically, please read and accept our Electronic Communications Delivery Policy today.

I have read the Electronic Communications Delivery Policy (E-Sign Disclosure and Consent) and agree that PayPal may provide information to me about my PayPal account electronically. I confirm that I can access and print or save emails, web pages and .pdf files that PayPal sends or otherwise makes available to me.
So it could be legit, or it could be phishers knowing paypal sent out an update and they're playing on that.

Last edited by EvilTOJ; 08-04-2011 at 06:08 AM..
Reply With Quote
  #15  
Old 08-04-2011, 06:49 AM
Fear Itself Fear Itself is offline
Charter Member
 
Join Date: Apr 1999
Location: 847 mi. from Cecil
Posts: 28,296
Quote:
Originally Posted by Shakester View Post
What they don't do is provide links in emails, so any email that asks you to click on a link to log in is bogus. But send emails? Of course they do.
And they always address you by your PayPal user name, not some ambiguous, "Dear PayPal User:"
Reply With Quote
  #16  
Old 08-04-2011, 12:09 PM
silenus silenus is offline
Hoc nomen meum verum non est.
Charter Member
 
Join Date: May 2003
Location: SoCal
Posts: 39,433
I sit corrected.

But this one is a phish, because it's to "Paypal user," not whatever my name is on Paypal. And it's sent to my Hotmail account, which isn't the one I use for Paypal. So I was right that it was bogus, just for the wrong reason.

Just like normal.
Reply With Quote
  #17  
Old 08-04-2011, 02:22 PM
pulykamell pulykamell is online now
Charter Member
 
Join Date: May 2000
Location: SW Side, Chicago
Posts: 29,283
Quote:
Originally Posted by Shakester;14099820
What they [B
don't[/B] do is provide links in emails, so any email that asks you to click on a link to log in is bogus. But send emails? Of course they do.
Not sure what you mean. All my Paypal receipts and shipment notices have hotlinks in them.
Reply With Quote
  #18  
Old 08-04-2011, 03:11 PM
MeanOldLady MeanOldLady is offline
Guest
 
Join Date: Sep 2002
Quote:
Originally Posted by silenus View Post
I sit corrected.

But this one is a phish, because it's to "Paypal user," not whatever my name is on Paypal. And it's sent to my Hotmail account, which isn't the one I use for Paypal. So I was right that it was bogus, just for the wrong reason.

Just like normal.
Yours was a phish, but I got the same e-mail the OP describes with my name.



Quote:
Originally Posted by Shakester View Post
What they don't do is provide links in emails...
Yes they do.
Reply With Quote
  #19  
Old 08-04-2011, 03:48 PM
Uber_the_Goober Uber_the_Goober is offline
BANNED
 
Join Date: Jan 2007
Location: My Computer, PA
Posts: 1,246
If you're worried - and you have Chrome as your browser - then when you go to the website just look in the address bar. It says (with a green box around it) the name of the company, and shows that it is indeed a secure connection to the website you actually intended to go to.

Another reason I like Chrome.
Reply With Quote
  #20  
Old 08-04-2011, 03:56 PM
ZipperJJ ZipperJJ is offline
And Finn The Human
Charter Member
 
Join Date: Aug 2001
Location: Northeast Ohio
Posts: 18,041
Quote:
Originally Posted by echo6160 View Post
If you're worried - and you have Chrome as your browser - then when you go to the website just look in the address bar. It says (with a green box around it) the name of the company, and shows that it is indeed a secure connection to the website you actually intended to go to.

Another reason I like Chrome.
Glad you like Chrome but Firefox 3+ does this, as does IE 8+. As long as the site you're on is a secure site.
Reply With Quote
  #21  
Old 08-04-2011, 04:10 PM
Myglaren Myglaren is online now
Charter Member
 
Join Date: Sep 2003
Location: Loonyland
Posts: 1,530
I recently received an email from PayPal - to the correct email account - reminding me that my card was about to lapse and to register a replacement with them.

I ignored it the first couple of times then logged in to my PayPal account to find that although I had logged my new card with them, upon receipt of it, I hadn't activated it.

Although I was at first suspicious it proved to be quite legit.
Reply With Quote
  #22  
Old 08-05-2011, 11:55 PM
Oslo Ostragoth Oslo Ostragoth is offline
Charter Member
 
Join Date: Feb 2004
Location: the Prairie
Posts: 6,728
So, I logged in to PayPal and did the thing there. Seems legit.
Reply With Quote
  #23  
Old 08-06-2011, 12:31 AM
simster simster is offline
Guest
 
Join Date: Nov 2005
Sounds like there are two versions of this email going around - the legit one, and a phishing one that is pretty much a copy of the legit one except for bad links.

As others have said - legit email or not - you will never hurt yourself by typing in the url and going to paypal directly to check it out.

make it a habit of Never clicking on banking/account related links within email -
Reply With Quote
  #24  
Old 08-06-2011, 02:20 AM
psychonaut psychonaut is offline
Guest
 
Join Date: Apr 2001
Quote:
Originally Posted by simster View Post
Sounds like there are two versions of this email going around - the legit one, and a phishing one that is pretty much a copy of the legit one except for bad links.

As others have said - legit email or not - you will never hurt yourself by typing in the url and going to paypal directly to check it out.
Assuming you type it correctly, yeah. I'm sure lots of scammers register domains which are typographically inaccurate renditions of "paypal.com".
Reply With Quote
  #25  
Old 08-06-2011, 09:18 AM
Petek Petek is offline
Guest
 
Join Date: Dec 2008
I received an email message similar to the one in the OP. I forwarded it to spoof@paypal.com and received the following reply:

Quote:
Thanks for forwarding that suspicious-looking email. You're right - it
was a phishing attempt, and we're working on stopping the fraud. By
reporting the problem, you've made a difference!

Identity thieves try to trick you into revealing your password or other
personal information through phishing emails and fake websites. To learn
more about online safety, click "Security Center" on any PayPal webpage.


Every email counts. When you forward suspicious-looking emails to
spoof@paypal.com, you help keep yourself and others safe from identity
theft.

Your account security is very important to us, so we appreciate your
extra effort.

Thanks,

PayPal
However, when I directly accessed paypal.com and logged in, I also was informed of the need to "consent to our Electronic Communications Delivery Policy."
Reply With Quote
  #26  
Old 08-08-2011, 12:35 PM
Spoons Spoons is offline
Charter Member
 
Join Date: Sep 2000
Location: Lethbridge, Alberta
Posts: 10,471
Quote:
Originally Posted by simster View Post
Sounds like there are two versions of this email going around - the legit one, and a phishing one that is pretty much a copy of the legit one except for bad links.
I received one of the phishing ones today. I knew it was a phishing one because I don't have a PayPal account, and never did. But there were also a few spelling errors (for example, "Dear Costumer") and awkward-sounding, almost-too-formal phrasing ("If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service") that would have sent up red flags regardless.

I forwarded it to spoof@paypal.com, and hopefully, they can deal with it.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 01:04 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.

Send questions for Cecil Adams to: cecil@chicagoreader.com

Send comments about this website to: webmaster@straightdope.com

Terms of Use / Privacy Policy

Advertise on the Straight Dope!
(Your direct line to thousands of the smartest, hippest people on the planet, plus a few total dipsticks.)

Publishers - interested in subscribing to the Straight Dope?
Write to: sdsubscriptions@chicagoreader.com.

Copyright © 2013 Sun-Times Media, LLC.