Dog Community

Is this a new paypal scam?

Posted : 5/22/2006 10:43:13 AM

I couldn't find anything at Snopes...I think it is....

[align=center]
Password change required!
Dear PayPal Member,

We recently have determined that different computers have logged in to your PayPal account, and multiple password failures were present before the logons. We strongly advice CHANGE YOUR PASSWORD.

If this is not completed by May 25 , 2006, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. Thank you for your cooperation.

[linkhttp://www.paypal.securitysslupdate.com/us/webscr.php?cmd=LogIn]Click here to Change Your Password[/link]

Thank you for your prompt attention to this matter.

We apologize for any inconvenience.

Thank you for using PayPal!

cakana

Posted : 5/22/2006 10:58:14 AM

I definitely think it's a scam. We got a very similar email regarding our Amazon.com account. It looked totally authentic but it wasn't. I would just delete any emails like this and if you're worried, got into your paypal account (but not using their link) and change the password that way.

pumaward

Posted : 5/22/2006 11:33:54 AM

Paypal's ways to identify fraudulent e-mails.
https://www.paypal.com/cgi-bin/webscr?cmd=_vdc-security-spoof-outside

Mia

Posted : 5/22/2006 12:20:12 PM

Paypal will always use your actual name in their e-mails. That's the easiest way to tell.

The other thing would be just never click on a link in an e-mail. Just go navigate to the site on your own.

rwbeagles

Posted : 5/22/2006 12:35:28 PM

just send it along to Paypal and they'll let you know. They also disable the webaddy's sent in the mails as well. [email=spoof@paypal.com]spoof@paypal.com[/email]

marty_ga

Posted : 5/22/2006 12:48:15 PM

Thanks all! I forwarded it on to them, so we shall see.

Firestorm

Posted : 5/22/2006 2:13:34 PM

Paypal never puts links in their emails.
they tell you to go directly to their site and check things!

jeano

Posted : 5/22/2006 2:51:01 PM

Paypal, banks, ebay.....NONE of these places will send you an email telling you to log in and give your information again. NEVER, EVER.

NEVER reply to this kind of email. It's always a scam. Never, ever click on a link from this kind of email. If you look at the top of the screen you will see that their website url isn't really at PayPal or Ebay or whatever. But if you aren't internet savvy then you will miss that part of it.

This is from the snopes.com page warning people:

At least
since the summer of 2002, PayPal and eBay customers have been plagued by "phantom e-mails" that require them to provide their credit card and bank account numbers to restore their accounts to fully operational status. Don't be fooled — those "phantoms" do not originate with either PayPal or eBay; they are the creation of thieves intent upon harvesting bank account and credit card numbers from the unwary.

The one showcased above first appeared in inboxes in March 2003. Although some elements of the form are genuine (the little blue PayPal symbol links to paypal.com, for example), information entered into the data boxes does not get sent to the online banking house; it is instead routed to an e-mail address in Russia.

Earlier versions ran the con in a slightly different way: Official-looking e-mails informed users their accounts had been flagged for fraud investigation and provided a hot link to a special PayPal web page where they could fill in the blanks — name, address, credit card number — necessary to reinstate their account status. Those earlier hot link manifestations would momentarily connect the about-to-be-defrauded to PayPal's home page before switching to a counterfeit verification page housed on an entirely different site.

Both eBay and PayPal (eBay bought out PayPal in 2002) swear they never ask for personally identifiable information via e-mail., and both have stopped including web site hot links in messages to members. Ergo, if you get an e-mail "from" one of these entities asking you for credit card or banking account number, it's not the real thing.

This form of theft is not new, even if the techniques now be used to accomplish it (CGI scripts and hot links) are. The same basic con has been used for a very long time and has flourished in numerous less techno-terrific ways — it's all about getting potential victims to hand over their banking and credit information, a objective the con artist accomplishes by masquerading as a bona fide representative of a reputable and trusted organization which would have reason to ask for that information. In the non-cyber world the unwary have been duped into providing such sensitive financial details via fake IRS forms which appeared to have been issued by the victims' own banks. (The victims would fax the completed forms to the fraudster, thinking they were filing them with the Internal Revenue Service.) An even less technology-driven scam requires nothing more than a telephone and the local phone book: the defrauder skims the white pages for people who live near a particular bank and calls them, presenting himself as an employee of that financial institution who needs to confirm their account information. Because people tend to patronize the bank closest to where they live, the thief will encounter very few responses of "No, you've got the wrong Molly Brown — I don't have an account there." We tend to accept the way people present themselves at face value, so only a handful of us think to question someone who greets us by name, identifies himself as working at our bank and informs us there is something wrong with our bank accounts. His straightforward request that we read off the account numbers from our checks will all too often net him the information he seeks; only long afterwards (if at all) do we stop to wonder why, if he had our names and phone numbers, he didn't have the details of our accounts at his fingertips as well.

Scams that trick the gullible into revealing private information by having them "confirm" details presumably already in the possession of the one doing the asking fall under the broad heading of "social engineering," a fancy term for getting people to part with key pieces of information simply by talking to them. The wary consumer's best defense to such maneuvers is a zipped lip (or, in the online world, an untapped keyboard). Protect yourself by volunteering nothing, even if you feel somewhat pressured by the one doing the inquiring. If someone on the telephone asks you to read off your checking account number for "verification," ask him instead to recite it to you from his records. If you get an e-mail announcing something dire has befallen one of your on-line accounts and requiring you to re-enter sensitive personal data to get things back on track, do not reply to it, and do not fill out any forms that accompany it or click through any hot links it provides. Instead, contact that service through its web site and ask them about the e-mail.

The con artists are getting more sophisticated all the time, so do not be too quick to mistake the appearance of legitimacy with legitimacy itself. Just because an e-mail looks like it comes from an entity you do business with doesn't mean it's genuine, and just because you're being directed to a web page that looks like that entity's home page doesn't mean you're not being sent somewhere else. Beware the wolf in sheep's clothing lest you end up his dinner.

marty_ga

Posted : 5/22/2006 3:14:43 PM

There is no way I would have clicked on that link, because I remember that other scam as well. I think I put it there more as a warning to others. Thanks for taking the time to post that material, Jean.

I think for safety, I will delete that link.

Arggg, I don't know how to delete it....

fizzlbriches

Posted : 5/22/2006 4:04:39 PM

I just recently got an email from PayPal that I suspect was not real also. Mine said that my CC had been charged and it gave me the item purchased and where it was shipped and then had a link to click on "if you did not authorize this charge". I decided to wait a day or so to see if anything came up in my checking account and so far nothing so I figure it was a scam. It's just crazy all the things going on online.

fizzlbriches

Posted : 5/22/2006 4:32:24 PM

I just went to check where the email came from and it wasn't even sent to the address that paypal has.

pumaward

Posted : 5/22/2006 4:41:56 PM

I had one of those in my junk mail. Just to be sure, I go to paypal... sure enough, no charges [

]

garrettandpaul

Posted : 5/22/2006 6:23:21 PM

We recieved an email very similar to that one only it said that our credit card account had been suspended because of fradulent use so that we needed to updat some information. Ofcourse I didn't do it and nothing happened to our account an when I email the credit card company they even explained that it was a scam to get information.

Debbi

Posted : 5/22/2006 6:35:19 PM

It is a scam. I get them all the time. I just forward it on to paypal and they usually email me to say it was a scam and not to click on link. I just delete them, but in the meantime I always go and change my paypal password. I figure if someone has my email addy and knows I have a paypal acct I should do that for securitys sake

Debbi

dyan

Posted : 5/22/2006 8:56:52 PM

I've been getting them also. Been getting a few from a lot of companies,,,or should say PRETEND companies. I even got a couple from Chase bank,,,in fact I got one a couple of days ago. AOL is good about catching some of these now,, they warn you about phishing.