Clever e-mail scam: Someone bought this in your name
[ Photo: J. Fox ]
I've been getting e-mail phishing scams for several years and thought I'd seen it all. But this week I received an e-mail that wasn't the usual "We're doing a security check and need your password" scam.
The e-mail appears to come from PayPal, a popular institution often imitated by scammers. What's unusual is that it seems to be a confirmation of a purchase, for more than $400, paid from my PayPal account. There's even a realistic-looking transaction, including the name and address of the person whom you're supposed to assume made the purchase.
I picked this up as a scam fairly quickly because I've trained myself to recognize such cons. But I suspect that a consumer fearful that their PayPal account had been incorrectly charged would hastily follow the scam's instructions to click on the “CANCEL TRANSACTION” link to sign into their account.
If that link were still active (it wasn't when I tried it), doing that would give the criminals the information they need to immediately access the account and drain its funds. (Based on our most recent State of the Net Survey, we estimate that, over the past two years, about 7 million American consumers gave such phishers personal information and that, nationally, phishers stole nearly half a billion dollars from online consumers.)
Here's how to avoid becoming a cybervictim:
- Never click on links in any e-mail, from any institution, that offers to take you directly to your savings, checking, or other financial account.
- Remember that most reputable financial institutions never send e-mails asking you to access your account. No matter how genuine such an e-mail may look, it's probably bogus.
- To report a phishing e-mail, forward it to the Anti-Phishing Working Group.
- For free tips on how to stay safe online, visit our Online Security Guide.
- To find the best software for protecting your computer, see our Ratings of Security Software Suites (available only to subscribers).
—Jeff Fox

Posted by: Dave | Nov 14, 2009 7:53:59 PM
Hi, just want to pass this on, as I don't own a web site to do so. About two days ago, I got an email in my gmail from "PayPal" as follows:
Hello David Rxxxxx,
As part of our security measures, we regularly screen activity in the PayPal system. During a recent screening, we noticed an issue regarding your account.
We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.
Case ID Number: PP-830-528-499
For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause.....etc.,.....
Anyhow, after changing password and security questions...what I failed to notice was the lack of the PayPal 'logo' ....which is usually included in all real PayPal emails, of which you can click on to take you directly to the site. Just want others to know...look for the PayPal logo on the email. If you click it and you go to site, it's the real thing...if there is no logo or maybe one that will not work when clicked on ....it's a scam! Now, I'm awaiting a letter to arrive in the USPS mail to confirm my location, regarding my true identity of the PayPal account in question. I plan to send it back full of fake info!
Thanks, Dave
Posted by: peterzimbelman | Jul 12, 2009 7:38:23 AM
Best solution of all??? I REFUSE to do business with PayPal. They have proven to be untrustworthy to me and to friends. Impossible to get a fair resolution on your problem. If you have American Express - use it. They protect you like a momma bear does her cub. Also, screens their vendors rigorously, whereas PayPal doesn't. (When the original founder of PayPal sold out, the integrity went with him.)
Best wishes,
Peter Zimbelman
Posted by: Kim Price | Jul 4, 2009 1:03:41 PM
This is kind of ironic because just about 2 years ago my husband received a PayPal phishing email, and being the computer savvy guy that he is (over IT for a large local branch of a very large corporation), he ignored it.
But, it turns out it really was from PayPal and because he didn't verify his account, they shut it off (which later caused some trouble). Even though this took place a couple of years ago, it was recent enough that it was shocking PayPal would expect any intelligent person to respond to that type of email.
My husband expressed his astonishment at their injudicious business practices. It is unlikely that this is something they would still do. However, regardless of whether an email is valid or not, it is never a good idea to click on the links in the email. If you believe it may be a "real" email, go to the company's website and check from there.
It is unreasonable that any company would hold you accountable to responding to this type of email, via links in the email. Don't let them, and if they try, call them on their stupidity.
Posted by: King | Jul 3, 2009 1:40:20 PM
Also familiarize yourself with payment confirmation messages the first time you order from any vendor or using any payment system. A real PayPal payment message does not contain the "cancel transaction" stuff at the bottom. Why would they? They don't want you to cancel a (real) transaction. That's the giveaway in this message, scare you and then helpfully provide the link for you to "fix the problem" (i.e., fall for the scam). The other giveaway would have been that you would not have gone to paypal.com if the link had worked. If you do click on such a link, pay attention to where you land.