I noticed an email in my spam email address that was headlined as follows:
This email confirms that you have paid JAMES DEAN (james.dean@yahoo.com) $748.81 USD using PayPal. (My bolding)
Fact is I don’t have a PayPal account and wonder if I do respond for the hell of it, might I end up regretting it in any way?
I’ve gotten a lot of these PayPal phish-eries, and so far, have always ignored them.
You’re probably OK. I’d bet it’s designed to get you to follow a link where you will supply your credit card or bank account details, ostensibly to trace this erroneous payment but in practice for something less helpful to you. Just ignore it.
Use a GMail, Hotmail or Yahoo account (if you really want to be professional then use Pegasus - which is lousy but supports multiple IDs - on a multiple address acount)
See what happens - probably you’ll just get some more phishing, my guess is that this is just a filter to attract idiots.
If you do respond, ask him when the heck you’ll be getting all that sausage.
Presumably there’s a ‘log in to my account’ link in the email? What the scammer hopes you’ll do is be so outraged by the false and unsolicited charge as to click it to log into your PayPal account to check on it (the scammer doesn’t know you have no PayPal account).
The link takes you to a login screen that looks like Paypal, but isn’t; you type in your username and password, a message pops up saying “login incorrect, please try again” and you are redirected to the genuine PayPal login screen, where you successfully log into your account and discover the alleged transaction never happened.
But the first login screen was nothing more than a fake designed to capture your login details - so the scammer now has access to your account and can bleed it dry, or use it to launder money, or use it to make fraudulent payment against goods, or any number of things, all of them bad.
I think I’ll just stay away from the whole thing. Thanks for the info, though, Mangetout.
Forward the original email to spoof@paypal.com. They will get the site closed down.
Thanks! I will.
Fat chance. I’ve forwarded a half-dozen of those to the spoof addy per day, get a confirm, but they keep on coming. They’re too profitable to shut down – it’s cheaper to pay a lawyer.
As I understand it., the point of reporting them is not that the scammer will be tracked down and prosecuted, it’s that the ISP hosting the fake login page will be informed and the page will be pulled - the sooner this happens, the less profitable is the venture for the scammer.
But what if the ISP doesn’t care, or is in on it? Is there any legal pressure that can be (or is lilkely to be) brought to bear?
In any event, I forwarded the phishing email I got to the address.
Thanks again, Rayne Man.
It depends on the ISP. Most are very cooperative and will shut them down quickly. If the ISP is overseas for instance, it may be a bit trickier.
Keep in mind that it doesn’t matter how many get shut down or how fast, they will simply increase the output of email to maintain their returns.