Don’t be fooled by spoof PayPal mails
November 2, 2006
Forwarded this PayPal phishing email to spoof@paypal.com and got a reply several hours later:
Thank you for contacting PayPal about a fraudulent (spoof) email or Web
site. We appreciate you bringing this suspicious email to our
attention.We can confirm that the email you received was not sent by PayPal. Any
website which may be linked to this email is not authorized or used by
PayPal.Our fraud prevention team is working to disable any website linked to
this email. In the meantime, please do not enter any information into
this website. If you have already done so, you should immediately log
into your PayPal account and change your password, as well as your
security questions and answers. We also recommend that you contact your
bank and credit card company immediately.
Reporting unauthorized PayPal transactions
In the same email, PayPal also gave a step-by-step guide to report unauthorized transactions in one’s account.
If you are able to log into your PayPal account:
- Log in to your account at https://www.paypal.com
- Select the “Resolution Center” subtab.
- Click “Open a dispute.”
- Select “Unauthorized transaction,” then click “Continue.”
- Enter or select the transaction ID for the transaction you would like to dispute, then click “Continue.”
- Complete the report for Unauthorized Use on a PayPal Account, then click “Continue.”
- Confirm that the claim is correct, then click “Submit.”
If you cannot log in to your account:
- Go to https://www.paypal.com
- Click on the “Security Center” link located at the bottom of any page.
- Under the “Report a Problem” column, click on “Unauthorized Transaction.”
- Click “Continue” under “Unable to log in?”
- Confirm that the transaction in question is unauthorized then click “Continue.”
- Complete the report for Unauthorized Use on a PayPal Account, then click “Preview.”
- Confirm that the claim is correct, then click “Submit.”
- Confirm your account ownership by entering the financial information requested, then click “Continue.”
Ways to fight spoof emails
Here are PayPal’s tips on how to fight fraudulent emails.
- Report it. Forward the entire email - including the header information - or the site’s URL to spoof@paypal.com We investigate every spoof reported. Please note that the automatic response you get from us may not address you by name.
- Use Account Guard on the eBay toolbar. If you use Internet Explorer, download the eBay toolbar. Account Guard helps ensure you are on PayPal or eBay.
- Use the SafetyBar. Email security provider Cloudmark has engineered a toolbar for Microsoft Outlook you can use to report spoof emails. Should you receive a spoof, click the SafetyBar’s “Block Fraud” button to automatically report it to us.
Fake PayPal email
November 1, 2006
Now that you have a PayPal account, you should be wary of emails you receive supposedly from PayPal. Although the emails might have a header and logo similar to that of PayPal, most of these are actually phishing mails intent on stealing your personal information.
More information about phishing, how to check if an email is fake, and ways to protect yourself from phishing can be found in the What is Phishing? article. A sample phishing website is explained in the “Beware of the fake egold website!” article.
Yesterday we received an email purportedly from PayPal asking us to login to the site to update our personal records. Failure to do so, the email says, will result in account suspension. Here’s a screenshot of the email.
What is Phishing?
October 8, 2006
Ever received an email from eBay asking you to verify your account? Or from e-Gold warning you to login to your account otherwise it will be suspended? Or from Yahoo Mail asking reactivation because your account has been hacked?
If you dismissed the email and simply deleted it, good for you. But if you opened it, clicked and accessed the link, and tried to login to the website, congratulations, you have just become a victim of a phishing attempt.
Phishing (pronounced “fishing” as in “fishing for information”) is a type of deception designed to steal one’s personal data such as credit card numbers, passwords, account login information, etc. The phishing email usually looks like an official letter from a trusted source, such as a bank, credit card company, payment processor, or online merchant. Phishing emails normally direct recipients to a fraudulent website where they are asked to provide personal information. This information is then used for identity theft.
How a phishing website works is explained in the “Beware of the fake egold website!” article. Sample phishing emails are in the following threads in the forum:
Do they really think we’re that stupid?
September 17, 2006
Got this email today. It’s obviously a scam targeting the greediest of all greedy ginks.
Does “Cheryl” really think we’d believe that she can double our money if we sent her $30? That e-Bullion has a flaw in the system that will let you “rob” them? And that, uh-huh, you can get away with it?
Sure, there are thousands (probably millions) who’d fall for this, but don’t be one of them!
Beware of the fake egold website!
July 20, 2005
Pinoy Money Talk (PMT) chanced upon a site that takes the look of the original egold site in an attempt to deceive egold users, with the intention of hacking accounts.
The fake site can be found at www.e-qold.com, as opposed to the original www.e-gold.com site. Notice that the fake site cunningly used “q” which can actually be mistaken for “g,” deceiving e-gold users that they are in the actual e-gold website.
