PayPal Warning - Please Read!

[launderess]

It finally happened to me and was almost taken.

Received the following email this morning:
------------------------------------------------------
Dear PayPal Customer,

We regret to inform you that this account has been locked.
To unlock your account please follow the link below and complete all the steps.

http://www.paypal.com-id-scgi3.info/login.php

Please Note:
If your account informations are not updated within the next 72 hours, then we will assume this account is fraudulent and your account will be deleted.

Message 3103

Problem Description:

Suspicious account behavior possible account theft

PayPal Corp.
PayPal Account Review Department
_-----------------------------------------

Since it was early and had not totally woken up yet, made the error of clicking onto the link, but soon got wise and shut every thing down/deleted files.

The link takes one to a supposed "PayPal" page requesting one enter debit card information to "confirm" the account and that it would take a few seconds to verifiy. Page very much looks like the same one PayPal uses when one sets up credit card information, in fact exactly like it indeed.

What got me curious was the fact it only asked for "debit card" information and not credit cards. That is when I shut everything down/cleared my cache/ deleted everything in the history/temp files and contacted PayPal directly.

When logging into my PayPal account directly from either eBay or PayPal's website, you guessed it, absolutely NO warning about being shut down or information requested. If one had entered that information would be a very poor woman right now.

Again do NOT fall for this scam!!!

L.

PS

Also checked the message source for the email, and you guessed it again; the email came from the Ukranie, a hot bed of theft and Internet crime.

Received:

Received: from dbmail-mx3.orcon.co.nz (219.88.242.3)
by sv8pub.verizon.net (MailPass SMTP server v1.2.0 - 112105154401JY+PrW)
with ESMTP id <3-6998-87-6998-189972-1-1139587727> for vms052pub.verizon.net;
Fri, 10 Feb 2006 10:08:48 -0600
Received: from User (solar-ukraine.com [195.5.17.46] (may be forged))
(authenticated bits=0) by dbmail-mx3.orcon.co.nz (8.13.2/8.13.2/Debian-1)
with ESMTP id k1AG7wmY031632; Sat, 11 Feb 2006 05:08:15 +1300
Date: Fri, 10 Feb 2006 18:08:07 +0200
From: "Paypal"<[email protected]>
Subject: **Important Notice**
X-Originating-IP: [219.88.242.3]
To: undisclosed-recipients:;
Reply-to: <[email protected]>
Message-id: <[email protected]>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit
X-Priority: 3
X-MSMail-priority: Normal
X-Virus-Scanned: ClamAV 0.88/1283/Fri Feb 10 09:55:06 2006 on
dbmail-mx3.orcon.co.nz
X-Virus-Status: Clean

Dear PayPal Customer,

We regret to inform you that this account has been locked.
To unlock your account please follow the link below and complete all the steps.

http://www.paypal.com-id-scgi3.info/login.php

Please Note:
If your account informations are not updated within the next 72 hours, then we will assume this account is fraudulent and your account will be deleted.

Message 3103

Problem Description:

Suspicious account behavior possible account theft

PayPal Corp.
PayPal Account Review Department

 

[kevinpreston8]

Let me add a few things

I am a heavy EBAY user.

I have received emails that state not only what you are saying, but things like a mandatory password changed must be made, or that I am having a non-payment strike issued because of some auction that I have not participated in.

The hilarious thing about some of these is that if you look really quick on the phony link, or click on the properties of the link, the not-so-well-done versions of this trick will show you an AOL web address, or some other address, that typically flashes by so fast that you dont see it, before the phony "form" shows up. I believe this is known as phishing.

Anyways, I contacted AOL with the user account and name and their investigations department emailed me that they were investigating.

Here is the bottom line on ANY email.

Do NOT execute links from within any email...go directly to that company's website and do your business from there.

 

[bobbyderegis]

Once again, Launderess, thank you for keeping us informed and aware. Glad no harm came to you.
Bobby in Boston

 

[toggleswitch]

All I know is when this woman *opens her mouth* NO ONE EVER loses.

a million thanks!

 

[michaelman2]

Laundress...ahhh..I had this same thing happen. Man did Paypal act quicky!....but when I had another scheister rip me off they would only "refund" a partial amount. They took so long to act that he had already depleted the account.

 

[fnelson487]

Watch out for another ebay scam!

This recently happened to me when bidding on a KDS 15 series convertible dishwasher. I got a "second chance bidder" notice that the original winning bid fell through. I knew the winner and called him and he said it didn't fall through. Someone followed up on a closed auction in order to get me to pay. Watch out for that one!

 

[launderess]

You really cannot wait for PayPal to act if one even suspects your banking/credit accounts have been compromised. Contact your bank/credit card company at once and have new cards issued and or explain the situation and see what they suggest.

In the case of banks, it is best to see the manager at your branch rather than rely on call center operators. Sometimes call center operators say one thing and it really is another, then you are left out in the cold. Our bank allows one to see "pending" transactions both online and via the call center. If something does not look correct action can be taken BEFORE the money comes out of the account. Case in point one vendor tried to debit our account twice for the same amount, caught it in "pending transactions" and contacted our bank via telephone. Bank cancelled the second transaction and the money never left our account.

Everyone is busy these days, but it pays to monitor one's bank account carefully. Check mine online each morning and again at least once during the day if not before logging of the computer each night. It is far easier to stop something from happening than to reverse it after the fact.

What gets me is how many clueless people use eBay whose computers are infested with bugs, viruses and such and they do not even know it. These persons click on anything that comes their way exposing anyone who has had email contact with them to a "harvesting" of information by crooks. As eBay becomes a way of living for more and more "Power Sellers", persons who compile databases of their "customers" without taking adequate protection against hackers and such, we all are at risk.

Launderess

 

[air-waycharlie]

More on this

In addition to all the good advice offered here, I too am a big ebay buyer and seller and of course I have received several of these "questionable" emails from not only Paypal but ebay as well.

I always forward them to spoof@ebay or spoof@paypal and ask if they are legit. So far, one was legit from ebay regarding upgrading my seller status. The rest, about 12 or so in the last 2/3 years were all bogus.

Ebay and Paypal get back to you in short order and let you know what is going on and what they are doing about it. I keep both those addresses in my address book for easy access and they have saved me a lot of heartache.

 

[bpetersxx]

Clarlie u are lucky

I get at least 1 per week
5 about a year ago

 

[nurdlinger]

Another spoof...

involves a phony notice of payment for an auction in which you did not participate. The one I get a lot claims to be for $380 for some expensive wristwatch. There is a big, obvious link to challenge the transaction. That's the lure for the scam.

 

[Designgeek]

If you do business with a seller and their computer is infested with bugs, the buggers can get your email address but they can't get your PayPal password. (Otherwise, unscrupulous sellers would have your password and they could siphon your account directly.)

If *your* computer is infested, then yes, the buggers can get anything on your computer including your passwords. They can trick your computer into putting up a fake browser screen, so if you think you're safe going direct to PayPal's website, think again: the fake browser screen captures your passwords and as soon as you log out of PayPal, the buggers log in and clean you out.

Bottom line: no substitute for keeping your own machine clean. Virus checkers, spyware scanners, and so on; closing all nonessential ports; and all the other usual precautions. If you're not a geek, hire a geek to check your machine a couple of times a year and do whatever security upgrades are called for. And then follow their instructions about routinely updating your virus definitions and so on.

And for those of us who use Macs, just because we're safe now doesn't mean someone won't create a bug for MacOSX sooner or later, so we can't go getting complacent either. Though, as soon as it happens, it'll make headlines, so we can at least count on getting some warning. After that, we'll have to be as much on our toes as Windows users presently are.

 

[gregm]

thank you Launderess

thank you for posting that, same thing happened to me and I thought it was weird that they wanted my debit info period ?? I did nothing ..........

 

[JerseyMike]

I get these all the time too. I almost fell for it once. I got a Paypay notice at WORK. (I work for the State of New Jersey and work e-mail address very clearly identifies it as a GOVERNMENT e-mail address. I hardly ever get spam there.) I couldn't remember if I had given my work e-mail address to Paypal as a backup e-mail address. (I probably didn't, but to quote the Lotto commercial -- Hey, you never know.) I actually started to fill the form out. Fortunately,I didn't get very far before decided I didn't need a Paypal account that badly. I wound up deleting it.

Now when I get one on either my home or hotmail address, I merely forward it to Paypal. (Although I'm always tempted to complete it with the most foul and vulgar information that I can think of.)

Mike

 

[rocky2]

Something else I've noticed

You know how the mouse pointer changes from an arrow to the hand with the pointing finger whenever you hover over a Link, well, on all the phishing emails I've seen, no matter what portion of the email you're on, it's always the pointing hand icon instead of the normal arrow.

I must confess though, I too got the Pay-pal email a while back and was almost suckered in. It was the most legit looking.

Fortunately, I went to Pay-pal's site directly to check my status and just like Laundress said, not a mention about a problem.

 

[JerseyMike]

Grrr.... I got another one today ....

About six weeks or so ago, I came home to find a message asking me to call my credit cards "fraud prevention bureau" to verify some questionable charges. It was during the height of the holiday shopping season, so I was using my card a lot. None of the charges that got their attention were mine, so the card was cancelled. (I'm still waiting for some sort of an affidavit that I need to sign.) Today, I got an e-mail that looked like it came from my credit card company. It alleged that there had been some suspicious ATM activity on my card and that I needed to click on a link and do God knows what. (I never clicked on the link.) A quick call to my credit card company confirmed that it was a scam and the e-mail has been forwarded to their fraud department.

The bottom line is that you can never be too careful. This e-mail looked about as "official" as you can get!

Mike

 

[DADoES]

Credit cards and banks will NEVER up and ask for account information via e-mail. It's a different situation if YOU initiated a communication with the bank regarding some issue.

NEVER click a link in an e-mail that supposedly goes to a banking site. Close OUT of the message, close your e-mail and browser. Re-open the browser and go directly to the bank's site for logging in to your account.

My Citibank card has "virtual" account numbers. Log in to the account at their site, and there's a function to generate one-use account numbers that map inside the bank's system to the real account. The function can be either run online on any computer, or they have a small program that can be downloaded and installed for convenience of running it locally on your computer but it still requires a log-in to the bank's site. The virtual numbers expire end of the next month, and the system keeps a history of numbers used and for what purchases.

I had been using a particular card with a low credit limit for online purchases, but have now switched to my Citicard when I discovered the virtual account number feature. Interesting that I had a call from Citibank a few weeks ago about suspicious activity. I thought perhaps it was because of a recent (legitimate) purchase I had made from an overseas company, so I logged in the account and didn't see any trasactions that weren't supposed to be there. There was a prominent text notice in RED on all screens of my account access advising of suspicious activity, please call such-and-such number. So I did, and a fellow in the "Early Fraud Detection Department" or some such rattled off a string of attempted transactions in Italy, Germany, etc. None of those were mine. Turns out somebody had horked a virtual number (possibly from that overseas purchase) and was trying to run a spree with it. ALL the transactions had FAILED because the virtual number had already been used for the intended purchase. No need to cancel/reissue the card because the perp(s) didn't have the real number.