Almost Fooled by PayPal ScamWritten by Rosalind Gardner on September 15, 2006 · Comments (4) |
I almost got fooled by another one of those PayPal “phishing” scams awhile back. Below is a screen capture of the email that I received. Notice how the “Who” indicates that it’s from “PayPal Customer Support” and the “Subject” line is “Security Notice No:15768″.
The scammers even included the warning:
PROTECT YOUR PASSWORD
NEVER give your password to anyone and ONLY log in at PayPal’s website. If anyone asks for your password, please follow the Security Tips instructions on the PayPal website.
Hmmm… nice scammers! Fortunately, the Eudora email software saved my bacon… again! When I cursored over the link in the email this pop-up appeared:
The actual host http://www.qd-race.com/images/.www.paypal.com/index.html?cmd=_login-run is different from the host https://www.paypal.com/cgi-bin/webscr/?cmd=_login-run
If your email software doesn’t do that, then it’s time to check the full headers within the email itself.
The headers within that particular email contained “From: Paypal Customer Support
However, the real story was further below:
X-AntiAbuse: Sender Address Domain - ns2.73dpi.com
X-SA-Exim-Mail-From: international-express@ns2.73dpi.com
Don’t get fooled!
Cheers ~ Ros
Popularity: 4% [?]
If you found this post helpful, subscribe to the No-Hype, No-BS, No Spam NPT newsletter for exlusive information, tips and strategies. Thanks for visiting!
Comments
4 Responses to “Almost Fooled by PayPal Scam”
derek on September 15th, 2006 6:40 am
Hi, Rosalind, I always check any emails from Paypal or any other payment processors, or banks.
Right click on email, click properties, then details, see if its really from them.
I never login to accounts via emails.
If something needs your attention, go directly to their site and login there, and check messages etc.
If you’re unsure if an email is from them contact them via their website.
Like most I get loads of these emails everyday but very rarely are they from Paypal.
Regards
Derek Pryde
Hello Derek, You’re absolutely correct and I think that the ‘never login to accounts from email’ is especially wise advice. Thanks
Ros
[Reply]
lloydh on September 19th, 2006 9:35 am
Recently I nearly got had by an email phishing scam purporting to be from Ebay.
The email said that there was a dispute and that I had failed to send out an item and that the registered complaint was being investigated.
Thinking more about the fact that I had not sold this particular item and worrying that I might get bad feedback, I clicked on the link and was taken to my ebay check in page.
It looked identical and I was about to “login” when my ebay toolbar popped up warning me that this was a dodgy site.
PLEASE make sure you warn your members about this. I was lucky to have the the ebay toolbar installed. Others might not be so lucky.
I never fall for these generally but it was so convincing. So, a warning to all…. TAKE CARE…
Lloyd
The only way to succeed, is to take action
[Reply]
sbm on September 22nd, 2006 6:59 am
Hi Rosalind,
There’s another way to know whether an email is really from Paypal or eBay. If you’ll notice the fake email that you received greets you as “Dear Paypal User”. Legitimate emails from Paypal and eBay always address you by your member name.
There ya go… another good tip for ferreting out the scammers. Thanks, Sharon! ~ Ros
[Reply]
Murray on May 4th, 2007 12:32 pm
Hi Roz: Sharon is right except that they address you by your real name - the one you were given at birth. Your user name, according to Paypal and eBay, is your signin or login name. The s*c*a*mers have no way of knowing your real name unless they have bought from you or sold to you. Just wanted everyone to have the real skinny. Murray
[Reply]