  #1 (permalink)  
Old 06-03-2007, 01:31 PM
mmglobal's Avatar
Administrator
 
Join Date: Sep 2006
Posts: 2,511
Default NSR - Online Fraud... please read

I just got an email that is the most convincing phishing attack that I've seen.

Phishing: A phishing attack is an online fraud technique which involves sending official-looking email messages with return addresses, links and branding that all appear to come from legitimate banks, retailers, credit card companies, etc. Such emails typically contain a hyperlink to a spoof website and mislead account holders to enter customer names and security details on the pretence that security details must be updated or changed. Once you give them your information it can be used on legitimate sites to take your money.
The offending email looks like it came from PayPal. It says:
PayPal is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.

--------------------------------------------------------------------------------
Why is my account access limited?

Your account access has been limited for the following reason(s):


June 03, 2007: It has come to our attention that your PayPal billing information are out of date. This require you to update your billing information as soon as possible.
This billing update is also a new PayPal security statement which goes according to the established norms on our terms of service (TOS) to reduce the instance of fraud on our website.

Please update your records on or before June 03, 2007. A failure to update your records may result on a suspension of your account.

To update your PayPal records click on this link (link didn't make it in the cut and paste)

This new security statement will helps us continue to offer PayPal as a secure and cost-effective payment service. We appreciate your cooperation and assistance.


Sincerely,
The PayPal Team

(Your case ID for this reason is PP-227-460-629.)

--------------------------------------------------------------------------------

Copyright © 1999-2007 PayPal. All rights reserved.

--------------------------------------------------------------------------------
The format of the email looks perfect. Even the link to click looks like a PayPal link... but it's not....

http://www.paypal.com.login.1c611cd....run/webscr.htm

This looks like it goes to PayPal.com, but really this is 1c611cd.com. That domain does not inspire much confidence if I'm going to go somewhere and log in with my PayPal info....

Please do not click on a link and log into a banking system as a response to an email or a website unless you are absolutely sure!!!!

I know too many people who've lost thousands this way.

Mark
__________________
1997 MVA
2000 L4-5 Microdiscectomy/laminotomy
2001 L5-S1 Micro-d/lami
2002 L4-S1 Charite' ADR - SUCCESS!
2009 C3-C4, C5-C6-C7, T1-T2 ProDisc-C Nova
Summer 2009, more bad thoracic discs!
Life After Surgery Website
President: Global Patient Network, Inc.
Founder: www.iSpine.org
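
Added example, not part of the original post: a small Python check for the link trick described above, where the brand name sits at the left of the hostname while the right-hand end belongs to another domain. The function name, the `example-attacker.test` placeholder and the sample links are constructed for illustration; the truncated link from the post is not reproduced.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "paypal.com"  # the site the reader believes the link leads to


def classify_link(url, trusted=TRUSTED_DOMAIN):
    """Return (host, verdict); verdict is 'trusted', 'lookalike' or 'other'."""
    # urlsplit only finds a host after "//", so tolerate links pasted without a scheme.
    if "://" not in url:
        url = "//" + url
    # hostname comes back lower-cased; drop a trailing root dot ("paypal.com.").
    host = (urlsplit(url).hostname or "").rstrip(".")
    # DNS names are read right to left: the link belongs to `trusted` only if the
    # host IS that name or ends with it on a label boundary (".paypal.com").
    if host == trusted or host.endswith("." + trusted):
        return host, "trusted"
    # The brand appears somewhere in the link, but the right-hand end of the
    # host is someone else's domain: the pattern described in the post.
    brand = trusted.split(".")[0]
    if brand in url.lower():
        return host, "lookalike"
    return host, "other"


# Constructed sample links; example-attacker.test is a placeholder domain.
SAMPLES = [
    "https://www.paypal.com/webscr",
    "PAYPAL.COM.",
    "http://www.paypal.com.login.example-attacker.test/webscr.htm",
    "https://www.paypal.com.login.example-attacker.test/webscr.htm",
    "http://notpaypal.com/login",   # suffix match without the label boundary
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        host, verdict = classify_link(link)
        print(f"{verdict:9}  {host}")
```

The fourth sample is classified the same as the third: the scheme says how the data travels, while the right-hand end of the hostname says who receives it.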
  #2 (permalink)  
Old 06-03-2007, 08:38 PM
Senior Member
 
Join Date: Sep 2006
Posts: 2,405
Default thanks for heads up

Long ago I discontinued a PayPal account but then about a year later started receiving something like this. I am always extremely wary of anything asking for updated personal information such as SS number.

Thanks for this heads up.. what I received looked exactly like a PayPal website. Also had received a banking one that was not kosher~ scary stuff!!! BEWARE! or rather Be Aware!
  #3 (permalink)  
Old 06-04-2007, 05:34 AM
dshobbies's Avatar
Senior Member
 
Join Date: Oct 2006
Location: Los Angeles
Posts: 1,596
Default

Mark,

I've gotten this particular email many times, as well as others from banks, including ones I've never used. A little known but sometimes very effective way to tell if your link is secure...
ALL secure links or website addresses begin not with http: but with https:, the s meaning secure. If you'll note, your link did not contain that all important S.

See, all those years of watching those damned discovery channels paid off.

Dale
__________________
3 level Prodisc adr S1-L3, Oct 12, 2005
Dr. B in Bogen, Germany
Severe nerve damage in left leg, still working on it
  #4 (permalink)  
Old 06-07-2007, 05:34 PM
Senior Member
 
Join Date: Sep 2006
Posts: 2,405
Default Thank you for your reply

Dale,
thanks for this info! Very helpful!
  #5 (permalink)  
Old 06-15-2007, 04:19 AM
mmglobal's Avatar
Administrator
 
Join Date: Sep 2006
Posts: 2,511
Default

Reply from Paypal:

Quote:
From: spoof@paypal.com [mailto:spoof@paypal.com]
Sent: Sunday, June 03, 2007 7:00 AM
To: Mark S. Mintzer
Subject: RE: Q510 - Thank you for your email to PayPal (KMM83204336V79225L0KM) :kf1

Dear Mark S. Mintzer,

Thank you for taking the time to contact spoof@paypal.com. The email you reported was not sent by PayPal and is a phishing (fraudulent) email.

-------------------
What to do Next
--------------------
Delete the phishing email. If you've already responded to the email, please log in to your PayPal account and perform some important safety measures.

1. Go to your Profile and change your password and security questions.

2. Review the payments listed on your Account Overview.

If you notice a payment that you don't recognize, visit the PayPal Security Center to file a claim. We'll promptly investigate any suspicious transactions and you won't be held liable for unauthorized payments sent from your account.

-------------------------------------
Visit the PayPal Security Center
-------------------------------------
In the new PayPal Security Center you'll find fraud-fighting tips, tools, and technology.

You'll learn:
* Ways to stay safe online
* How to spot fake emails
* What to do if you suspect unauthorized activity in your account

You'll also find tools to help protect against identity theft:
* Equifax credit alerts: Receive notifications about activity on your credit accounts
* eBay Toolbar: Download a toolbar that warns you when you're on a potentially fraudulent web site

-------------------------------------
Safeguard Your Account
-------------------------------------
Phishing emails often try to get your attention by telling you that there's a problem with your account.

One way to figure out if an email is really from PayPal is to open a new browser and log in to your PayPal account. Any important information about your account will be displayed once you are logged in.

------------
Thank You
-------------
By alerting us to this phishing email, you're taking an active role in keeping the PayPal community safe. Users like you are our greatest partners in combating spoof.

We'll use the information you provided to work with law enforcement to shut down the fraudulent website.


Sincerely,

PayPal

************************************************************************
Remember, PayPal will never ask you for your password in an e-mail.
There are no exceptions to this policy. If someone claiming to be from
PayPal asks you for your password in response to an e-mail, you should
refuse to provide it and contact us. To contact PayPal, go to the PayPal
Help Center and click the "Contact Us" link.

************************************************************************
This email is sent to you by the contracting entity to your User Agreement,
either PayPal Inc or PayPal (Europe) Limited. PayPal (Europe) Limited is
authorized and regulated by the Financial Services Authority in the UK
as an electronic money institution.

************************************************************************
  #6 (permalink)  
Old 06-15-2007, 04:22 AM
mmglobal's Avatar
Administrator
 
Join Date: Sep 2006
Posts: 2,511
Default

Websites that begin with https use a security encryption system that ensures that data is transmitted in an encrypted format. That way, someone cannot monitor the network (wireless or wired) and read account names/numbers/passwords or other data "in the clear".
All times are GMT. The time now is 01:12 AM.

