Man these guys are getting good. I got a nice HTML E-mail that looks like it came from PayPal with the right logos and colors.
The first thing I did was look at the header and to me it looked legit as it seemed to come from Pay Pal and did not go though mutiple mail servers as far as I saw.
Return-Path: <paysecurity@paypal.com>
Delivered-To: --my address removed–
Received: (cpmta 5954 invoked from network); 18 May 2003 20:08:30 -0700
Received: from 62.218.123.2 (HELO compuserve.com)
by smtp.c000.snv.cp.net (209.228.32.61) with SMTP; 18 May 2003 20:08:30 -0700
X-Received: 19 May 2003 03:08:30 GMT
Date: Mon, 19 May 2003 02:23:22 +0000
From: Paysecurity <paysecurity@paypal.com>
Subject: Dear PayPal Customer!
To:
References: <0I5A8CF8A022HJKFG@levy.net>
In-Reply-To: <0I5A8CF8A022HJKFG@levy.net>
Message-ID: <GHB339LFB85K.ELBD@paypal.com>
Sender: Paysecurity <paysecurity@paypal.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_1CD7.CLKGBID5B184D.L6J7_9"
Status: U
X-UIDL: PshKsNHkID0XWwE
The text of the E-mail which was writting in HTML said
This e-mail is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes.
The inactive customers are subject to restriction and removal in the next 3 months.
Please confirm your email address and and Credit Card info number by logging in to your PayPal account using the form below:
It had boxes to enter the following
It asked for the following information Email Address:
Password:
Full Name #:
Credit Card #:
Exp.Date(mm/yy) #:
ATM PIN (For Bank Verification) #:
The form goes to http://www.paypal.com@funnygirls.port5.com/pp.php if you click on the submit link it breidly redirects you to funnyfirls.port5.com then that redirects you to the paypal login page. I have already E-mailed Pay Pal about it. port5.com is an web host out of Surry and funnygirls seems to be a site that have credit reports info
I almost fucking fell for this scam, then I would have had to change my passwords and my bank account and credit card numbers because they would have had access to my information. Why the fuck do people try to pull these scams off?
About 4 months ago I fell for a similar scam, only they also wanted SSNs along with bank account numbers and all sorts of personal information that I fortunately didn’t give them.
I have to take responsibility on this, I didn’t check the URL to make sure that the site was a legit PayPal site, I just relied on the purty colors. Fortunately for me, they got greedier than my bank account allows.
That being said, PayPal can do a bit more to protect its customers. Like, quite a bit more. There are itty bitty notes at the bottom of PayPal letters that say “be careful.” You’d think they’d want to make it a POINT to tell you, but nooooo…
Plus, it was a massive pain in the nalgas to inform PayPal about what was happening-- “want to make a complaint? Need a password. Missing your password? Need a security code. Security code problems? You need your password.” Kind of difficult to do when ALL your PayPal info has been hijacked.
0I5A8CF8A022HJKFG@levy.net is not my address. Levy.net part of a company is a company that “rents” E-mail addresses in the namespace they own. You renew your name every year. I have no idea if 0I5A8CF8A022HJKFG is a valid user there, but I doubt someone is going to buy an address that had to remember
I once had an auction end and I got an email that LOOKED for all the world like a Paypal email telling me they paid…I however went to Paypal and there was nothing in my accound to show they paid and when I contacted the buyer he never responded.
I guess he took a shot at ripping me off…I reported him to Ebay AND Paypal.
MannyL, I go the exact same email some weeks ago and reported it to paypal but it seems the scam is still going on.
I just don’t understand how people fall for this stuff. I did see the fake paypal return address but, in any case, that’s not the point. No reputable entity is going to ask for your information like that and, if any one does, I’d be closing my account with them. Anyone who falls for this is really very naive.
I am amazed by the gullibility of people. What the hell are they thinking? If you get a phone call from someone saying it is your bank and you need to make a deposit and they will send a guy to pick up the money. . . would you give the guy any money? Does that sound like the way a bank operates? If you think so please email me as I have a proposal for you.
Well, right after I posted I reported it to the mods, so maybe they removed it before you saw it, but it was there. Sorry if I offended you by mentioning it.
In my defense it was a pretty hectic day plus at the time I had quite a few business transactions flying through PayPal and didn’t want to stall them. I also had NO idea there was a scam going on, and heaven knows PayPal wasn’t being very good about alerting their membership.
But truthfully, I really can’t fob much of the responsibility off on them. I really SHOULD have follwed my gut instinct, which at the time was saying “odd, there’s a lot of info on here I shouldn’t be giving out.” Fortunately there was a lot I didn’t put on the fake form. But I’m an idiot and went ahead and submitted what info I did fill in. Yes, I’m a putz.
Really weird… I got this bit of spam today, too… check out this note:
I checked the headers and it looks legit, but they’re asking for a LOT of the same information and the link takes me to the PAYPAL site. Does Paypal do this?
To be safe, close the email, and in your browser, just type in https://www.paypal.com (Note the https indicating a secured site) and go there yourself without using any links.
Freyr, I’d need to see the entire message in HTML to know what’s up. Forms redirects can be surprisingly well-concealed, especially when buried in 300 lines of coding.
Paypal’s security info page is here and includes links for reporting spam and scams.