"Important Update To PayPal Communications"

I just received this e-mail in an address I rarely use. Does anyone know if this is legitimate?

When I went to the address mentioned in the mail and logged in, I got the green writing on my address bar and the VeriSign lock, but I know that phishing is very sophisticated these days, so I thought I’d ask here.

I did log in, but I immediately had second thoughts and went to paypal (the address I have) and changed my password.

Anyone else receive this?

Thanks

Q

Yeah, it’s spam/phishing/etc…
You did the right thing going to the real site and changing your password.

Never go to the site in the email. (My, they do look authentic though).

Use your known address.

Paypal’s legitimate emails will greet you by name. The phishing emails don’t, and will call you “Paypal User”.

Not sure why, but so far that has been consistent for me.

It did call me “Bill Craig”… so I am hoping I am okay. Thanks VERY much!

Q

They sent me one I think is legit that said this:

My question is, what are they asking me exactly? I didn’t do anything because how else are they going to communicate with me? Are they going to be required to snail mail people since they’re acting like a bank?

Also, I have to ask why didn’t they also send this to the e-mail address I use for paypal purchases. The other address I used specifically for the bicycle ride I did for the animals last year.

Weird.

Q

If you get one of those emails, don’t click on the link in the message. Instead go to the Paypal (or eBay or bank website) yourself using the URL already in your bookmarks. A lot of times, the address displayed in those emails looks OK, but goes to a different site.

I always mouse over and look at the address. If it isn’t “paypal” I delete it.

What probably happened is someone had your bicycle address in their address book and they got hacked.

This isn’t safe in general, because people can use Unicode characters that look a lot like normal English letters to lead you to another site.

Sometimes they can also exploit bugs in web browsers to display a different address.

Basically, anything coming in via email is not to be trusted.

If you haven’t deleted the email, forward it to spoof@paypal.com so that their fraud team can track it down. They are very proactive about online security and they’ll appreciate the tip.

Done. Thanks cochrane. Let’s see what the reply is. I will post it here.

Thanks

Q

I have not received an email about their Electronic Communication Delivery Policy, but I just now went to PayPal by typing “paypal” into the browser on a Mac that does not receive my PayPal emails and I got a page to approve the policy. Looks like they specifically need your approval to email IRS Form 1099-K, rather than snail-mailing it.

Digging deeper online, it looks like only PayPal users who receive over $20,000 per year and have over 200 sales per year will get a 1099-K, so unless you’re running a thriving home business on eBay, you probably won’t have to worry about the tax form. They’re just making sure all users know about the policy. Considering how many millions of users they have, it makes sense that they’re sending out the emails in batches.

I got an ingenious e-mail a couple days ago purporting to be from PayPal, saying in part:

*Notification of Limited Account Access

Dear Jackmannii,
As part of our security measures, we regularly screen activity in the PayPal system. We recently contacted you** after noticing an issue on your account. We requested information from you for the following reason:

We recently received a report of unauthorized credit card use associated with this account. As a precaution, we have limited access to your PayPal account in order to protect against future unauthorized transactions.

Case ID Number: PP-XXX-XX-XXX

In accordance with PayPal’s User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to follow our verification procedure as soon as possible to help avoid this.

Click here to login and restore your account access

Once you log in, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.*

The right-hand column of the e-mail message urged me to be wary of scammers and to only go to real PayPal addresses (the sample given looked real enough). However, they also provided a link, and the e-mail came from a sender ending with …paypall.com (two letter ls).

So I took a wild guess that this was a scam and reported it to PayPal, who has not yet responded.

Gosh, maybe there is a problem with my account. :eek::dubious:

The above e-mail did use my name. I still think it’s a scam.

**actually this was the first contact. I suspect our scammer, though possessing reasonably good grammar skills, has a problem with past/present tense.

I get an e-mail from Paypal about once every three days or so. I have never even opened them. They always warn me about some pending deadline and I’ve always been suspicious. I seldom have used Paypal, but when I have, I have not had any problems, so I’m convinced that the e-mails I receive are fraudulent. I did forward one or two to Paypal but never heard back. (Or, if I did, I ignored it, figuring it was spam.)

By the way, I read that some of the phishing scams now use a mock-up of the real site that passes your log-in forward to the real deal and takes you to the actual logged in landing page now, so that it’s much harder to tell if you’ve been scammed.

Once again, the best answer is to always manually navigate to the site using a known url rather than taking e-mail links.

Paypal actually did send an e-mail about a change to their policy in the past week or so. My wife asked me about one, and I logged directly onto Paypal. Sure enough, there was a new agreement that required you click “I agree.”

If you’re in doubt, go to the website directly. Type www.paypal.com in your browser (and make sure it’s spelled correctly). As a further check, make sure the page takes you to your Paypal account (a phish would give an error or something that has none of your personal information).

This. And the scammers can use URLs with the string ‘paypal’ in them, like heldesk-paypal.user-support.com or whatever. Never trust emails.
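
An added example, not written by anyone in this thread: a small Python check that looks at the host a link actually points to and separates the real domain from the three decoys described above (a misspelled domain, the brand name placed inside another domain, and look-alike Unicode letters). The names `TRUSTED`, `classify_link` and `edit_distance`, the two-character misspelling threshold, and the "last two labels" guess at the registered domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # assumption: the only domain this checker accepts

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return a verdict for the host a link really points to (hypothetical helper)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "no-host"
    labels = host.split(".")
    # Non-ASCII letters or punycode labels can render like ordinary English letters.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "non-ascii-host"
    # Trusted only if the host IS the domain or a subdomain of it.
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    # Rough guess at the registered domain: the last two labels.
    if edit_distance(".".join(labels[-2:]), TRUSTED) <= 2:
        return "misspelled-domain"
    # The brand name appearing somewhere in the host proves nothing.
    if "paypal" in host:
        return "brand-in-other-domain"
    return "unrelated"

# Constructed sample links; the second and third are built on domains quoted in the thread.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://www.paypall.com/login",
    "http://heldesk-paypal.user-support.com/",
    "https://www.p\u0430ypal.com/",  # Cyrillic 'а' in place of Latin 'a'
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):22} {link}")
```

The suffix test is the part that matters: a host passes only when it is `paypal.com` itself or ends in `.paypal.com`, so a hostname that merely contains the word never qualifies.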