Catching Spoofers?

I forward dozens of spoofs to PayPal and eBay every week.

Am I wasting my time forwarding these things?

Are any of these spoofers ever caught?

If caught, do they get fined or go to prison?

They can be caught, but few average joes have the tools and the wherewithal to catch them. You can track them to the server that sent you the message – but that’s probably just going to lead you to an anonymous remailer, a hacked account or a hijacked computer. Tracing it backwards from there is going to take considerable more sophisticated tools and methods and will require no few calls to various service providers.

About the best thing you can do is keep reporting them to PayPal. They can launch their own investigations, involve the authorities, and so on, and hopefully catch the slimebags perpetrating this crap.

Oh, to answer your last question, it is a criminal offense (fraud) so if convicted they could face jail time. The individual(s) can also be independently sued by any service provider they used to further their scheme.

I really need to learn to use “preview” so I can properly finish my thoughts. :roll:

I should additionally point out that many if not most of the scammers and phishers are outside of US juristiction, so they would either have to be prosecuted in their own country in accordance with their country’s laws on the matter, or the US would have to attempt to have the individual extradited to the US to be prosecuted under US law.

Okay. I’m done.

Still - my question was vague; I should have asked simply,

Has PayPal or eBay ever tracked any of these spoofers and prosecuted them?

LOL. Did you mean :rolleyes: ?

Yes, dangit. Stoopit vB tags are different here. And I still didn’t hit preview. :smack:

Where did I put that wet noodle?

It’s never occurred to me to forward these on… I did log onto paypal (maybe they like the spoof e-mails, 'cause it causes more logins to their site?) and got the spoof address. Within 15 minutes, I got the following back. Is this normal/what you got? I think you ask an interesting question. Are these people ever caught, and if so, I don’t ever seem to hear about it:

Dear (boneyking),

Thank you for bringing this suspicious email to our attention. We can
confirm that the email you received was not sent to you by PayPal. The
website linked to this email is not a registered URL authorized or used
by PayPal. We are currently investigating this incident fully. Please do
not enter any personal or financial information into this website.

If you have surrendered any personal or financial information to this
fraudulent website, you should immediately log into your PayPal account
and change your password and secret question and answer information. Any
compromised financial information should be reported to the appropriate

If you notice any unauthorized activity associated with your PayPal
transaction history, please immediately report this to PayPal by
following the instructions below:

  1. Go to
  2. Click on the Security Center at the bottom of the page
  3. Click on ‘Report a Problem’
  4. Select the Topic: Report Fraud
  5. Select the Subtopic: Unauthorized use of my PayPal Account
  6. Enter your question in the ‘Summarize your question in one
    sentence’ box
  7. Click Continue
  8. Follow the instructions to access the appropriate form

We are continually improving our customer service to accommodate
members’ needs and can be contacted via secure webform at

If you are unable to log in to your account, please contact us using the
webform at

This email is sent to you by the contracting entity to your User
Agreement, either PayPal Inc or PayPal (Europe) Limited. PayPal(Europe)
Limited is authorised and regulated by the Financial Services Authority
in the UK as an electronic money institution.

Yes, that’s the normal canned response to spoof reports. What they do with those reports I don’t know, but I’m sure they must investigate at least some of them. I don’t know if or at what point they involve the authorities, but assuming they can provide some compelling evidence that they have tracked down the offending phisher(s) – at least as far as the law and resources will allow them, then I’m pretty sure they can pass that information on to the FBI’s Cyber Crime Unit for further pursuit.

I always report them, figuring that the more examples paypal/eBay have, the more likely they can block them and improve security, even if they’re not able to prosecute the perpetrators.