Options
Paypal spoof email
DavidTO
Registered Users, Retired Mod Posts: 19,160 Major grins
I got an email the other day that was apparently from Paypal. Knowing that Paypal will NEVER ask for you to update your account info via email, I forwarded it to spoof@paypal.com, and got this response. Note that they use email addys and URLs that look like PayPal, but they're not. Also, you can't see it in the attachment, but they also used PayPal's logo. Very deceptive, and something everyone should look out for.
Thank you for writing to PayPal regarding the email message you received
that appeared to be from eBay.
As you may have already suspected, this email was not sent by eBay.
These emails, commonly referred to as spoofs, are sent by fraudulent
sources posing as eBay in an attempt to collect sensitive financial
information or passwords.
Please know that PayPal and eBay is committed to the security of our
sites and our members. We review every report we receive and forward all
vital information on to the appropriate authorities for further action
and tracking. We work actively and aggressively in partnership with many
agencies, ISP's and law enforcement groups to support their
investigation of these fraudulent entities. As a public company, we rely
on the same agencies you do to pursue these fraudulent activities. You
may also wish to contact your ISP or email service provider for further
information or instructions.
Now that you have received a spoofed email, your email address has been
collected by a fraudulent source. As a result, you may continue to
receive spoofed emails for some time as these groups move from ISP to
web hosting sites setting up fraudulent email addresses, fake sites and
sending spoofed emails. PayPal and eBay has enacted several preventative
measures and increased information available on both sites help pages to
help educate our members in spotting fake emails.
In the future, we advise you to be very cautious of any email appearing
to be from eBay or PayPal that asks you to submit financial information
such as your credit card number or any type of password. As for eBay,
they will NEVER ask you for certain financial information such as
passwords, bank account or credit card numbers, Personal Identification
Numbers (PINs), or Social Security numbers in an email. All sensitive
information should be submitted on a secure page located on the eBay or
PayPal site.
If you have any doubt about whether an email message is from PayPal,
please forward it immediately to spoof@paypal.com. For eBay spoofed
emails, please forward those to spoof@ebay.com. Please do not respond to
it or click on any of the links in the email message. Please do not
change the subject line or edit the email in any way.
If you have already entered sensitive information as mentioned above,
you should take immediate action to protect your identity and online
accounts. If you only clicked on a link inside of a spoofed email, you
may also want to run a security scan on your computer. eBay has a help
page with valuable information regarding the steps you should take to
protect yourself. Below is a link to this page:
http://pages.ebay.com/securitycenter/index.html
Once again, thank you for alerting us to the spoofed email you received.
Your vigilance helps us ensure that PayPal and eBay remain a safe and
vibrant online marketplace.
Sincerely,
PayPal Account Review Department
PayPal, an eBay Company
*******************************************
Important: eBay will not ask you for sensitive personal information
(such as your password, credit card and bank account numbers, Social
Security numbers, etc.) in an email. Learn more account protection tips
at:
http://www.pages.ebay.com/help/account_protection.html
____________________________________________
For the latest eBay announcements, please check:
http://www2.ebay.com/aw/announce.shtml
_____________________________________________
************************************************************************
This
email is sent to you by the contracting entity to your User Agreement,
either PayPal Inc or PayPal (Europe) Limited. PayPal(Europe) Limited is
authorized and regulated by the Financial Services Authority in the UK
as an electronic money institution.
************************************************************************
Original Message Follows:
Begin forwarded message:
From: "PayPal" <service@paypal.com>
Date: January 11, 2005 10:18:14 PM PST
To: <my email address removed by me to protect me from people like this>
Subject: Customer Notification From Paypal
Reply-To: "PayPal" <service@paypal.com>
[ Attachment 1.3 Type: image/gif]
[ Attachment 1.3 Type: image/tiff]
Dear valued PayPal
® member:
It has come to our attention that your PayPal
® account information needs to be
updated as part of our continuing commitment to protect your account
and to
reduce the instance of fraud on our website. If you could please take
5-10 minutes
out of your online experience and update your personal records you
will not run into
any future problems with the online service.
However, failure to update your records will result in account
suspension.
Please update your records on or before January 28, 2005.
Once you have updated your account records, your PayPal
® session will not be
interrupted and will continue as normal.
To update your PayPal
® records click on the following link:
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run
Thank You.
PayPal
®
UPDATE TEAM
Accounts Management As outlined in our User Agreement, PayPal
® will
periodically send you information about site changes and enhancements.
Visit our Privacy Policy and User Agreement if you have any
questions.
http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-
outside
0
Comments
Very deceiptive, I agree. All the link texts seem to point to paypal, but inside they are all pointing to some bogus site.
Hopefully nobody falls for this trick..
Cheers!
You don't even HAVE a paypal account! I get account update requests from banks I don't have accounts at too!
I looked at a spoof email once, just to see what it was and they asked for my PIN number! When you set up an account for PayPal they don't even ask for a PIN number! That was a dead on clue the e-mail was spoof and up to no good.
I was really annoyed though that eBay and PayPal don't put a huge spoof warning on their front pages, where they belong. They make you hunt around to even find out about the spoof mail and what to do and what not to do about them. It makes it seem like eBay and PayPal are unaware of the problem and/or just don't care enough to warn their customers. That annoys me the most.
http://www.twitter.com/deegolden
I got another today, trying to get me to update my Amazon info.
I alerted amazon at stop-spoofing@amazon.com
Dgrin FAQ | Me | Workshops