Sign in to follow this  
Guest

Paypal "Account Verification" scam

Recommended Posts

Just a warning that I started receiving email variations of this old scam again a couple of days ago. Since I've never used Paypal, one can smell the fraud a mile away. I do forward these emails with complete MIME headers and html source to "accessviolation@paypal.com" which is their fraud department. What's interesting (I received this at my hotmail address--the same one I use for supporting my MSFS add-ons) is the last paragraph in the email text.Fellow Simmers, a good rule of thumb to follow--don't give out any personal information in response to an email like this. The link in the email asks for credit card numbers, PINS, DOB, address, mother's maiden name, etc... I suspect the scam suckers some into giving the information, since it's been circulating for a long time and seems to come in "spurts".What follows is the text of one of the scams:-John_______________________During our regular update and verification of Accounts, we could not verify your current information. Either your information has been changed or incomplete, as a result your access to use our services has been limited. Please update your information. To update your account information and start using our services please click on the link below: Click Here to Update your Billing Records Note: Requests for information will be initiated by PayPal Business Development; this process cannot be externally requested through Customer Support.Note for Hotmail users: Hotmail has applied anti-fraud plug-in. When users click on a link on webmail it displays a Pop-Up Window with message: "You have clicked a link that leads to unsafe site" ... follows. Please click "OK" to be able to update your billing records.Sincerely,PayPal Accounts Department._______________________

Share this post


Link to post
Share on other sites
Help AVSIM continue to serve you!
Please donate today!

Yeah, I get tons of these with various times between onslaughts..I do as you do and report each and every one to PayPal or Ebay (since they own PayPal)Can do no more than that except to NOT respond or click on any links found in them.Be sure and "Check six" with this stuff :-)

Share this post


Link to post
Share on other sites

I recieved one that looked pretty authentic asking me to update my account. It linked to the actual paypal sight and didn't ask for any email response. I didn't bother since I'm sure I can do this the next time I use the service anyways.Problem is it can be tough to know the difference between the good and bad now, but the easiest thing is to just go to the actual website.

Share this post


Link to post
Share on other sites

I've gone a step further and have disabled html content and image display in my hotmail settings. It lessens the risk of spam when you receive those cleverly crafted spam messages that actually seem authentic. Many don't realize that opening html enabled spam can "authenticate" an email address and thus expose one to an even greater level of spam.-John

Share this post


Link to post
Share on other sites

"...It linked to the actual paypal sight and didn't ask for any email response...."If you examine the source of the email, you'll find the link actually isn't to a Paypal site at all--it's to a "spoofed" site that is set up to look like the bona fide Paypal site.Paypal security has responded to me on a couple of instances and says their flat policy is they do not solicit personal information via email. If you received one of these, you were hit with one of the scam emails. For Web commerce, the only info I would provide is a credit card number, name, address, spambait email (like yahoo or hotmail), and business phone. I would never (and nobody should ever) provide a PIN, SSN, Mother's Maiden name, DL#, DOB or anything else that. For job-hunters, this is really important to know: Some posted "jobs" that offer only email or FAX #'s for contact are actually personal data collection scams. I advise people not to submit such info unless the employer has a verifiable address, web site, and a voice means of contact. If it means less job opportunity (I've been out of work a couple of times in my late 20's early 30's), that's a trade off I'd be willing to take.Even worse, some "head hunting" agencies are actually fronts for collecting personal data or for filling low wage jobs. They use a "Bait and switch" approach--they bait you with a job offering a salary in say, the 60's, and you go down and they say the position's been filled but would you be willing to work for a call center--salary $7/hr. Meanwhile, they gather your personal data, like your SSN, and put you into a database that sticks you with cold calls for the next several years.Personal data is a treasure we all have to safeguard and I'm afraid as the world grows more electronic, more of our time will be taken up "guarding our personal turf".

Share this post


Link to post
Share on other sites

That was an interesting read, John. Thanks.Some of those scams are pretty well done and it's easy to get sucked in.On the other hand, a few are really bad. My favorite was one I got from a bank. The "to" line was something like "larrysik;larrysil;larrysim;larrysin;larrysio" at myisp.com. It actually went from larrysia through larrysiz. I ended up changing my address to something that doesn't use my name in it when I realized there were probably a lot of other places doing the same thing, but sending to each one separately instead of a bulk mailing.

Share this post


Link to post
Share on other sites

That was a smart move to change your email address to something not containing your name.One method spammers use is email address "following". Let's say you've used an address of johnc@hotmail.com. Spammers will generate emails using "johnc@" to just about every domain out there. They apply the often true logic that a user besieged with spam will change services, but not their email name so it's easier on family and friends.I advocate using "strong" email addresses, with no words and with a mix of numbers and letters. An example might be 10jc94@hotmail.com. The numbers are easy to remember if they have meaning to you. I really didn't adopt this until last year, but it's been effective on my most private email address. No spam has ever come it's way. My hotmail address, which borrowed my name from a previous service, was hit with spam within minutes of setup.Also, most anonymous email services like hotmail enroll users in their address book by default. Bad move on the user's side not to turn that off. The same is true of class reunion sites and many forums. After the US passed it's anti spam law, spam trickled down for me to one or so a week, but has ramped up again to 5-6 a day. It's sent to the address I use to support Autoland and Landclass Assistant, and I just delete 'em as I find 'em.-John

Share this post


Link to post
Share on other sites

Hi John...I am an IT security manager for a large multi-national company, and we deal with this sort of thing daily. It is called "Phishing".Its getting pretty widespread and devious. A good source for information can be found here:http://www.antiphishing.org/Thanks for the heads up!bt

Share this post


Link to post
Share on other sites

These sites are more devious.They often link to the graphics on the actual site so as to have as many URLs in the html be genuine...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this