PayPal account security measures phishing scam alert
PayPal users will most likely have received an email apparently from abuse@paypal.com with the subject PayPal account security measures. It is not from PayPal but a phishing scam from Beijing, China - the email IP origin.
What is phishing?
From PayPal's security centre, "Phishing is a form of fraud designed to steal your identity. It works by using false pretenses to get you to disclose sensitive personal information, such as credit and debit card numbers, account passwords, or Social Security numbers.
One of the most common phishing scams involves sending a fraudulent email that claims to be from a well-known company. Phishing can also be carried out in person, over the phone, through fraudulent pop-up windows, and websites."
The fraud email claims that there have been repeated unauthorised attempts at logging in to your PayPal account and therefore you need to go to a certain website to secure your account. Here's the phishing email:
Military Grade Encryption is Only the Start
At PayPal, we want to increase your security and comfort level with every transaction. From our Buyer and Seller Protection Policies to our Verification and Reputation systems, we'll help to keep you safe.
We have recently noticed one or more attempts to log into your PayPal account from a foreign IP address and we have reasons to believe that your account may have been hijacked by a third party without your authorization.
If you recently accessed your account while traveling, the unusual login in attempts may have been initiated by you. However, if you are the rightful holder of the account, click on the link below to log into your account within the above-mentioned period.
Click here to Secure your account
http://dezandgravertjes.nl/www.paypal.com/secure-login/
If you choose to ignore our request, you leave us no choice but to temporaly suspend your account.
We ask that you allow at least 72 hours for the case to be investigated and we strongly recommend to verify your account in that time.
If you received this notice and you are not the authorized account holder, please be aware that it is in violation of PayPal policy to represent oneself as another PayPal user. Such action may also be in violation of local, national, and/or international law. PayPal is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the fullest extent of the law.
Thanks for your patience and understanding as we work together to protect your account.
Sincerely,
PayPal Account Review Department
PayPal, an eBay Company
As with fake DVDs, there are spelling errors in the phishing email. The scary thing is, the link provided is a redirection to what looks like the actual PayPal site. If you try entering some fake email and password such as "dieyoubloody@scammer.com", like I did, you will still be taken to the page to enter your credit card details.
So be warned and keep yourself informed of online scams.
A real beauty that's 0.34 inch thick, the iPad 2 weighs just 1.35 pounds, with a 9.7-inch capacitive touchscreen IPS LCD display running a custom 1GHz dual-core Apple "A5" chip.
Incredibly phishing is still on the rise, even as more and more people hear about it. Phising sites (the actual site you end up at if you unwittingly click on the link in the email) are increasing up 900% from a year ago. It is still one of the best plays in town.
Paypal cannot get their hands around it because if people continue to hand out the account information, they are all but helpless in stopping them.
While banks also make a good phishing target, Paypal is the grandady because of the shear volume of accounts. Odds are a lot better that a Paypal email will hit the mark vs. a national or regional bank matching a person who has an account.
People need to stop reacting to emails emotionally. People react to phishing emails, because the thought of being inconvenienced obviously takes precedence over logic and plain common sense.
There is also spear phishing:
A highly targeted phishing attack. Spear phishers send email to all the employees or members within a certain company, government agency, or organization.
The message might look like it comes from your employer, or from a colleague who might send a message to everyone in the organization, such as the head of HR or the person who manages the computer systems, and could include requests for user names or passwords.
While traditional phishing scams are designed to steal information from individuals, spear phishing scams can possibly work to gain access to a company’s entire computer system.
If you respond with a user name or password, or if you click links or open attachments in a spear phishing email, pop-up window, or Web site, you might become a victim of identity theft and you might put your employer at risk.
Spear phishing also targets people who use a specific web site. Identity thieves will use any information they can to personalize a phishing scam to as specific a group as possible.
It is up to the individual to defend themselves.
I got exactly the same email and the site they asked me to log in was just http://www.paypal.com/secure-login/ . I almost finish keying the password than I felt uneasy, so I manually typed in http://www.paypal.com and looked for any news about this. Thank god I didn’t.
Yes yes, the phishing website looks exactly the same, because I compared the 2 website together and phew….It’s really the same. I don’t understand why China and Nigeria has so such intelligent idiots around. I wonder how much money have they conned so far.
Anyway, good thing you alerted the readers about this, otherwise the consequences might be disastrous.
With over 100 million PayPal users, they just need a small percentage of careless users to key in their credit card numbers and it’ll still be worth it. Let’s say out of 100 million, only 0.5 percent fell for this scam. That’s 500 000 credit card numbers.
Thanks for the information Michael. Some phishing aspects I didn’t know till now.