PayPal says I paid WHAT!?!
Don’t fall for it. The immediate reaction may be to click one of the links in the email, but avoid this temptation. Clicking could lead to a page where you unknowingly type in your PayPal password because you think you are logging into PayPal.
Instead, open a new browser window and manually type the PayPal URL [paypal.com] to ensure you access the real site. After logging into your account, check your transaction history. If something is off, contact PayPal using the methods available on the legitimate PayPal web site. DO NOT use the methods in the phishing email, unless the charge was legitimate.
Though this email looks legitimate, let’s look at some of the obvious indicators that it is a phishing scam:
- All of the links in the email are the same. Therefore, no matter where you click you’ll end up right where the scammers want you to be.
- PayPal’s email address in the “From” section is NOT a PayPal email. Typically, email from PayPal uses firstname.lastname@example.org or email@example.com. [see image #1]
- A PayPal receipt always includes the recipient’s shipping address. However, in this example, the scammers only included the seller’s shipping address. [see image #2]
- A big warning sign should be the product listed as purchased. If you know you didn’t buy it–or spend that much money on anything using PayPal–or don’t even have a PayPal account, be wary of anything inside of that email.
- PayPal will use your name in the email when addressing you (i.e. “Hello Jane Smith”–not your email address).
- The information in the footer of the email is different from the information PayPal uses in the footer of their transaction receipt emails. [see image #3 for the CORRECT footer info.]
#1: Not a typical email address used by PayPal
#2: That is definitely not my address!
#3: This is what a REAL PayPal email footer looks like.
Last week, the LearnIT Express webcast was called “Phishing Blues.” It ran about 12-13 minutes, included annotated examples (and discussion) of some of the scams seen at UD, and some suggestions for what to do if you fall for a phishing scam or submit personal information at a pharming site.
It is available for viewing on demand.
Congratulations, UD colleagues. You’re starting to catch more and more phishing scams without help from IT or your departmental IT professional!
Today we’ve had multiple reports about this fake PayPal notice:
PayPal is NOT going to send a notice like this to a visible mailing list. Do you know how to recognize this scam?
Just like some of the other scams we’ve seen lately, this one looks good at first, but in about 5 seconds you should be able to tell it’s a scam:
- The large payment amount is supposed to send you into a panic so you just click one of the links in the message to investigate.
- The message is sent to multiple email addresses, and you can see those addresses. Some of the phishing scam boiler rooms have been sending out a lot of phishing spam with this trait. PayPal, American Express, banks, credit card companies, merchants, and other legitimate entities will never reveal customer email addresses to other customers.
- The links in the message do not go to a valid PayPal site. If you see a message like this one, hover your mouse over a link before you click. See where it goes.
You’re always safest to not click links in a message like this one. If you want to check to see if this is a valid notification, it’s much safer to log into your PayPal account using the standard URL you know and trust.
See a message like this one? Just delete it.
The holiday shopping and shipping season is upon us. We’re seeing more phish tailored not to your UD email account, but to the likelihood that you’re shopping online this year. We’ve talked about package scams before. Here’s another holiday classic: your account at our company has been hacked and, therefore, your PayPal account may have been hijacked!
If you see a message like the one below, delete it. Commentary follows.
Subject: Security notification regarding your Online Access!
Date: Fri, 18 Nov 2011 02:43:22 -0500
From: Customers Service <Veryfiacc2011@account.com>
Identifying Unauthorized Logon Attempts on 18/11/2011: (Error Message No.
FE0LAPWMLWWQ9) Your account access has been limited for the following reason(s):
1. We would like to ensure that your account was not accessed by an unauthorized
third party. Because protecting the security of your account is our primary concern,
we have limited access to sensitive Pay`Pal account features.
2. Unusual account activity has made it necessary to limit account access until
additional verification information can be collected.
3. If your account was hijacked, the PayPal account attached is vulnerable too.
Please respond as soon as possible!
Pay`Pal Confirmation link: http://www.rpaonline.com/catalog/images/admin/index.php
Once you complete all of the checklist items, your case will be reviewed by one of
our Account Specialists. We will send you an email with the outcome of the review.
If, after reviewing your Pay`Pa| account information, you seek further clarification
regarding your account access, please contact Pay`Pal Online Banking by visiting
the Help Center and clicking "ContactUs".
Copyright 1999-2011 Pay`Pal. All rights reserved
Copyright Sandstone Technology Pty Ltd [ 2.0.63 7CFD 2144 FBEE ]
This email has been scanned by the MessageLabs Email Security System.
The scammer’s feigned concern for your security, copyright notice, fake “must be important codes” (error message number and some alleged code at the end) make it seem credible at first glance.
But can you spot the phishy signs?
- Who is this from? What catalog company? PayPal itself? Ha.
- Nice spelling: PayPal, Pay`Pal, and Pay`Pa| (with a vertical line instead of an “L”) — uh, huh, right.
- What the heck are the sender’s alleged address and alleged reply-to addresses? account.com and pay.com?
- That link in the middle–PayPal or the unnamed catalog company will probably not include a link for you to click to verify your information. Besides, look where this one goes. That’s not a PayPal site! And it’s not a catalog any of us have ever ordered from!
- A little bit of badly-translated English has crept in: “Customers [sic] Service”; “sensitive” account features; European date format at the beginning.
We’re thrilled that so many of you are starting to send us phish like this one. Keep up your vigilance.
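The checks described in the posts above (a sender address that is not PayPal's, a visible list of recipients, links that do not go to a PayPal site, and the Pay`Pal / Pay`Pa| spellings) can be expressed as a small triage script. This is an added example, not part of the original posts; the function names and the To: recipients are assumptions made for illustration, and it assumes a plain-text message that presents itself as PayPal mail.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlsplit

BRAND, BRAND_DOMAIN = "paypal", "paypal.com"

# Constructed sample: From, Subject and body lines come from the message quoted
# above; the To: recipients are made-up placeholders.
SAMPLE = """\
From: Customers Service <Veryfiacc2011@account.com>
To: user1@example.edu, user2@example.edu, user3@example.edu
Subject: Security notification regarding your Online Access!

we have limited access to sensitive Pay`Pal account features.
Pay`Pal Confirmation link: http://www.rpaonline.com/catalog/images/admin/index.php
If, after reviewing your Pay`Pa| account information, you seek further clarification
"""

def on_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def brand_variants(text):
    """Tokens that read as the brand once ` is dropped and | is read as l."""
    found = set()
    for token in re.findall(r"[A-Za-z`|]+", text):
        norm = re.sub(r"[^a-z]", "", token.lower().replace("|", "l"))
        if norm == BRAND and token.lower() != BRAND:
            found.add(token)
    return found

def phishing_indicators(raw):
    """Assumes the message presents itself as PayPal mail (plain text, single part)."""
    msg = message_from_string(raw)
    body, hits = msg.get_payload(), []
    sender = parseaddr(msg.get("From", ""))[1]
    if not on_domain(sender.rpartition("@")[2], BRAND_DOMAIN):
        hits.append("from-not-paypal")
    if len(getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))) > 1:
        hits.append("visible-recipient-list")
    hosts = {urlsplit(u).hostname for u in re.findall(r"https?://[^\s<>\"']+", body)}
    if any(not on_domain(h, BRAND_DOMAIN) for h in hosts):
        hits.append("link-off-paypal")
    if brand_variants(msg.get("Subject", "") + "\n" + body):
        hits.append("obfuscated-brand")
    return hits

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

The domain comparison is a suffix match on a dot boundary, so a host such as paypal.com.example.net is not treated as PayPal.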