Attention Paypal users!

I received a spoof tonight so good - and so scary - that I reacted without thinking. What was it? It was notification of a charge for something more than $300, and an invitation to protest/disclaim it. It’s the first time that’s ever happened. But when Netscape (Mozilla) didn’t pop my logon into the form right away, I looked at the URL and realized something really fishy was going on. So I logged on to Paypal in another window and looked at my account history.

After that, I set about to forward it to spoof@paypal.com - the way they say to do it, but it didn’t show anything beyond “Dear Tyger Bryght,”. So then I took a screen shot of the body of the message and sent that, along with the HTML (Eudora is wonderful; it will outload the coding in a graphic message) to Paypal.

If you don’t use Paypal, but know someone who does, I urge you to tell them about it. If there were a way to do it, I’d post the graphic here so people could see just how clever - and how scary - this one is.

Did it actually say “Dear yourname”? I thought the spoofs always said “Dear Paypal Customer” or something like that.

Yikes. They must be getting more sophisticated.

I received a similar, scary one just recently, about my eBay account. I didn’t fall for it for even a moment, being the rare and pristine-record-holding eBayer that I am, but I opened it to see if they’d gotten any better.

They have.

You see, I recently updated my account info at eBay, and I’ve never gotten an e-mail from them forever, but suddenly, here was one. And it had my eBay username on it. Creepy.

However, nowhere did it have my real name, so that was pretty good. I decided to click the link, and then open my eBay login page, just to compare… everything was exact except for three things: in the real eBay, since they were in my cache, my username was in the sign-in field. Fake one, no. On the real eBay page, at the bottom of the page was a little warning about protecting yourself, and under it, in grey letters, said to make sure that the address said “https” and “ebay.com”. The fake page had only “http”, and it did say “ebay.com” but had something like “.transactions.ebay.com” after it. It enraged me, not because I was fooled, but because I could see how someone less informed, such as my dear mother, could easily fall for this shit.

So I reported them, got the thank you reply from eBay, then went to the spoof’s signin page. In the username field, I typed: “CthulhuRULES” and in the password field I typed “youhaveangeredyogsothoth”. I clicked submit.

Welcome, CthulhuRULES.

Please enter your credit card information.

Yes, it actually had my real name, first and last, correctly spelled, and it came to the email I use for Paypal. Emails to other addresses are easy to recognize as spoofs.

And then it showed this totally fraudulent charge of $300+, including a name and Paypal ID for somebody (whether or not it’s a real person I dunno), saying it was for a new cell phone. Then there was a link to click, which opened a site that looked perfectly legit. As I said, if it had popped my logon into the windows, I might be in big trouble right now. But it didn’t, so then I looked at the URL, and realized how close I’d come to being completely suckered. And, of course, since it’s the weekend, I wouldn’t have been able to contact my bank to shut down access to my account. :smack:

Moved to MPSIMS (from IMHO).

-xash
General Questions Moderator

Ever since these things came up I have set up a single credit card w/ paypal, with a limit of $0.25 currently. My CC company offers these types of accounts; if I need to use it I can up the limit as I see fit, and can reduce it. When I get those notices about my paypal account having been hacked, I just laugh - yea go knock yourself out, hack it and clean me out of that nice shiny quarter.

I have long protested that the assurances given by eBay/Paypal that “We have included your registered name in the email to show that it is genuine” are about the worst possible form of authentication possible.

In short, identifying spoofs is simple: anything claiming to be from PayPal, eBay or an online bank, and requesting that you click on a link within the email, either to resolve some serious problem, or to take advantage of some surprise windfall, is a spoof - it’s really no more complicated than that.

tygerbryght, I got the exact same thing a few weeks ago (only addressed to me, of course, not you; don’t be silly :wink: ). It claimed that a flat-screen TV was bought through my PayPal for almost $400.00, and “click on this link to dispute this payment”. It did almost get me! But then I thought, I’ve paid for lots of things through PayPal, and never gotten an email that says “click here to dispute this claim”. In fact, you have to click so many times on so many different pages to confirm a purchase, it would be damned hard to make a purchase accidentally, I would think. So instead of clicking on the link, I logged into my PayPal acct. There was no such purchase in there. :rolleyes:

Once again, folks, the above post was me. Not my daughter. :smack:

I got a fairly realistic one from “eBay” a few days ago, which claimed to be from a member threatening to report me if I didn’t pay for his auction. The message was sent to the address I use for eBay business and was correctly spelled and grammatical. It even included a variation of eBay’s “your username appears in this message to show it really comes from us” but neglected to include my name. I didn’t even notice that at first.

Next, I actually clicked on their link, then caught myself, opened another window, and went to the real eBay. Nothing in the message box. I compared a genuine message with the fake, and found the wording to be different, but a realistic paraphrase. Of course, the real message did include my registered username. And, of course, the real one referred to an actual auction that I really had won.

Next, I forwarded it to eBay. Then I too returned to the fake sign-in screen and entered a few obscenities for the edification of whatever or whoever generated the fake. Didn’t think of anything as good as Anastasion’s response, but I felt better afterward.

I got the fake PayPal one a few weeks ago, claiming I’d bought a pink Razr phone. I thought for a minute my son had been using my PayPal account, and I was furious. He showed me where to look to make sure if it was real or fake, and we reported it.

Sometimes I think the only reason I let him stay living here is because of his computer help.

kittenblue, that’s what almost fooled me, too: the fact that I’m not the only one who uses my PayPal account. I don’t think my hubby would buy anything that pricey without running it by me first (I handle the finances; I’m the one who would know if we have that kind of disposable income available). But I thought, what if he found a deal he just couldn’t resist, and bought it? Then I came to my senses.

I wonder if these thieves are wily enough to look at our buying history on eBay and figure out what kinds of purchases are likely to come out of our PayPal account, and use those types of things for these scams? :mad:

Same here. What really gave it away, however, was that I got three messages, all the same. So it was obviously a spoof. But if I had only gotten one…

I just wish the law said any spoofer caught would be turned over to his victims, no questions asked.

These newer spoofs have been going around for the last few months – and they really do use your real name. I don’t know where they got it, but probably from some other hacked eBay seller’s account whom you’ve dealt with and therefore has your personal information.

There are some simple ways to determine whether or not the E-Mail is legit – and the real name thing is no longer one of them.

  1. View the raw E-Mail (with headers). Although “PayPal” may be in the URL, it is never the domain. Something like “www.paypal.com.info” will appear there instead, which naturally means “com.info” is the domain, and “paypal” is a subdomain of it.

  2. Hover over every link in it. Your status bar should show the URL it points to. I don’t know if this is a function of the fact that I use Pegasus Mail instead of Outlook, but whenever I hover over the “Respond Now” or “Open dispute panel” I am unable to click on them – a “No” symbol appears instead of the usual finger-pointer. This is another dead giveaway.

  3. Never, never click any links in the E-Mail. If the E-Mail includes an item number, copy and paste the item number into the eBay search window to go to the auction manually. Doing so will reveal what you already know: The auction has nothing to do with you. If it is a PayPal spoof, log in to your PayPal account manually. If the E-Mail was real it will show up in your new messages. Spoofs will not. Of course, the fake transaction in the spoof also won’t show up in your recent transactions so that’s the other tell.

I never click any links in these E-Mails, even ones I know are legit. It’s good to keep in the habit of doing it all manually.

Hee hee! Those fraudsters are really gonna be in trouble once Cthulhu gets a look at his MasterCard statement.

I once logged onto eBay via a fraud e-mail using the same user name and password: fuckyou.

And it worked!

I haven’t gotten one of these spoofs in at least a year. Thanks for posting- I might have actually fallen for it. I’d never type in my PIN for my debit card, and I don’t use a credit card, though.

What I do is instead of following the link, if I THINK it looks legit, open a new browser tab, go to the PayPal (or eBay) website, and log in from there. If there’s something wrong with my account, THEN I’ll find out.

That’s what I did, as soon as I noticed the wrong URL on the page. And, of course, there were no fraudulent charges on my Paypal account, which caused me to vent a :deep sigh of relief:

The reason why I decided to post this thread in the first place wasn’t for people who are even more suspicious than I am. :wink: It was for people who might react exactly as I did (e.g. trublmakr), and even more for those people who are more trusting, like Anastasaeon’s mother. Not that anybody’s likely to remain trusting on such matters if they are Dopers. :cool: But everybody has relatives and friends who aren’t members, and who might well be fooled.

I hate, loathe and abhor fraud, and fervently desire that perpetrators be caught, and brought to see the error of their ways.

Hear, hear.

Some tips:

  1. Never click the link and sign in through an email, even if it is legit. Always go to the real page first, or simply check the address in the “From” line. If it comes from anywhere other than “paypal.com” or “ebay.com”, it’s a fraud. An example, the recent one I got came from “update@mail18.ebay.com”. As you see, this is incorrect. eBay has no reason to use any other business address other than ebay.com.

  2. Check the url to see if it begins with https. The “s” means secure, and the frauds won’t have that. Theirs will say “http”.

  3. Scrutinize that url: paypal and ebay only use www.paypal.com or www.ebay.com. Never, ever something like www.ebay.sales.com - the one thing I noticed in the newest scams is that they start out saying www.ebay.com, however, instead of there being a backslash after .com, it will say something like www.ebay.com.transactions.com/. Watch out for that extra crap.

  4. Compare the two pages, and the urls. Often the fraud page will have, say, half a warning on the bottom of the page. A legit ebay sign-in page has This written at the bottom:

“Account protection tips
Be sure the Web site address you see above starts with https://signin.ebay.com/”

A fraud page may have the hyperlinked “Account protection tips”, but will conveniently leave out the entire bottom line. A subtle trick.

  5. If any of this is confusing, or makes your head hurt, or you’re just plain old feeling too lazy to research, just assume *all of it* is fraudulent, and just take the email and immediately forward it to “spoof@paypal.com” or “spoof@ebay.com”. Do not “reply to”; forward it, to those addresses only. If the email is fraudulent, you will get an automatic reply from either of those emails very quickly, with a little note of thanks and they will tell you themselves that the email did not come from them. If it is legit, I’m sure they’ll tell you in the same manner; however, thus far, I’ve only ever gotten back something along the lines of “Thank you for reporting this, this email did not come from us”.

These frauds really piss me off. I didn’t mean to come across as cocky in my original post to this thread by saying I don’t fall for that stuff. It just really gets to me to know that these guys could easily get to my mother, who is certainly intelligent in her own right, and she’s pretty good with computers and the internet, but there are still things she hasn’t learned or gone through yet. How can you know how to deal with something if you’ve never had to? I’ve been using eBay since 1995 or 96; my mother has only signed up this year. And even though I’ve been using it for 10 or 11 years, you know, when I got that email the other day, shortly after I had just updated my information, though it may have been for only a split second, I paused… you see, they requested a “re-update” of my account, because the recent changes I had made were somehow faulty. This is a bad ploy, anyway, since if anything were wrong, you would have been told as you were entering information. You know, when you try to send the information, but then it brings you right back to the page, and in red writing, it will always tell you whatever was wrong, i.e. “Please enter your email address”, and you go “Oops! I forgot to input that!” and it won’t let you past that page until you’ve gotten it right. So there should be no reason you get an email from anyone telling you your information is wrong. Because hell, even if you got the email incorrect, you certainly wouldn’t be getting an email from them, now would you? :wink:

Just take care.
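Two posts above (the “view the raw E-Mail” list with its www.paypal.com.info point, and the later tips list with www.ebay.com.transactions.com and the https://signin.ebay.com/ footer) describe the same manual check: ignore what appears early in the address and ask which domain the host actually belongs to, and whether the page is served over https. The following is an added example written for this thread, not code posted by any participant or published by eBay or PayPal. It extracts the host with Python’s standard urllib.parse and derives the registrable domain the way the posts describe, treating the last two labels as the domain so that “paypal” in www.paypal.com.info is only a subdomain of com.info. The sample URLs and the small MULTI_LABEL_SUFFIXES set are constructed for the demo; a real checker would load the full Public Suffix List instead.

```python
"""Check a link's scheme and host against the domain it claims to be.

Added example for the thread above (not posted by any participant).
The sample URLs and the suffix set below are constructed for the demo.
"""
from urllib.parse import urlsplit

# Constructed for the example: a few multi-label public suffixes so the
# "last two labels" rule does not mis-handle hosts such as www.ebay.co.uk.
# A real deployment would load the complete Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host: str) -> str:
    """Return the registrable domain of a host name, lower-cased.

    www.paypal.com.info  -> com.info   (paypal is merely a subdomain)
    signin.ebay.com      -> ebay.com
    www.ebay.co.uk       -> ebay.co.uk (three labels under a known suffix)
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return host.lower()
    suffix = ".".join(labels[-2:])
    if suffix in MULTI_LABEL_SUFFIXES and len(labels) >= 3:
        return ".".join(labels[-3:])
    return suffix


def check_link(url: str, expected_domain: str) -> tuple[bool, list[str]]:
    """Return (ok, reasons) for a link that claims to belong to expected_domain.

    ok is True only when the scheme is https AND the host's registrable
    domain equals expected_domain; otherwise reasons lists every failure,
    which is what a reader would want to see in a warning.
    """
    reasons = []
    parts = urlsplit(url)
    # hostname strips any user@ prefix and port, so "www.paypal.com@evil.example"
    # resolves to evil.example rather than to the text in front of the @.
    host = parts.hostname or ""
    if parts.scheme != "https":
        reasons.append(f"scheme is {parts.scheme!r}, not https")
    domain = registrable_domain(host)
    if domain != expected_domain.lower():
        reasons.append(f"host {host!r} belongs to {domain!r}, not {expected_domain!r}")
    return (not reasons, reasons)


# Constructed sample links modelled on the patterns the thread describes.
SAMPLE_LINKS = [
    ("https://signin.ebay.com/ws/eBayISAPI.dll", "ebay.com"),          # genuine form
    ("http://www.ebay.com.transactions.com/signin", "ebay.com"),        # extra crap after .com
    ("http://www.paypal.com.info/cgi-bin/webscr", "paypal.com"),        # paypal as subdomain
    ("https://www.paypal.com@evil.example/login", "paypal.com"),        # credentials trick
    ("https://www.ebay.co.uk/signin", "ebay.co.uk"),                    # multi-label suffix
]


def run_samples() -> list[bool]:
    """Evaluate every constructed sample and return the ok flags in order."""
    results = []
    for url, expected in SAMPLE_LINKS:
        ok, reasons = check_link(url, expected)
        results.append(ok)
        verdict = "looks genuine" if ok else "SUSPECT: " + "; ".join(reasons)
        print(f"{url}\n    {verdict}")
    return results


if __name__ == "__main__":
    run_samples()
```

The second and third samples each fail twice (http scheme and wrong domain), which matches the two tells the posts list; the fourth fails on the domain alone, because everything before the @ is a user name, not a host. Only the registrable domain is compared, so legitimate subdomains such as signin.ebay.com pass, while anything that merely contains “ebay.com” or “paypal.com” somewhere in the host does not.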