Tricky scam I ran into...

DPDarkPrimus
Emperor's Hand
Posts: 18399
Joined: 2002-11-22 11:02pm
Location: Iowa

Post by DPDarkPrimus »

I "received" an email from PayPal today.

The quotation marks are there because it wasn't really from PayPal. It read as "service@payapal.com", but checking the details with Gmail, it was actually mailed from vps354.dns6.com.

It had the stock PayPal form about activity that would have led them to believe it was accessed by a third party, etc, etc, please verify or we will close your account.

Well, I knew that there hadn't been any 3rd party activity, because I checked my bank account balance just yesterday. Also, clicking on the link to "update my info", I noticed the URL wasn't actually PayPal.com... also, in the info you have to use to verify your info, it asks for my SSN. Hah, yeah, nice try guys.

Doing a search through my folder shows an exact same email from a couple weeks back that I never opened, as well.

I'm just letting you folks know about this because they showed up in my Inbox, not the Spam folder.
Mayabird is my girlfriend
Justice League:BotM:MM:SDnet City Watch:Cybertron's Finest
"Well then, science is bullshit. "
-revprez, with yet another brilliant rebuttal.
J
Kaye Elle Emenopey
Posts: 5835
Joined: 2002-12-14 02:23pm

Post by J »

I've been seeing those in my email for some time now, looks quite real and official and might've fooled me...except the email account where I'm receiving them isn't the one that's associated with my Paypal account. I also get a lot of similar emails from "Bank of America" and other US financial institutions claiming I need to verify my account, well, guess what? I don't have any money in US banks!
This post is a 100% natural organic product.
The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects


I'm not sure why people choose 'To Love is to Bury' as their wedding song...It's about a murder-suicide
- Margo Timmins


When it becomes serious, you have to lie
- Jean-Claude Juncker
Edi
Dragonlord
Posts: 12461
Joined: 2002-07-11 12:27am
Location: Helsinki, Finland

Post by Edi »

Banks and other financial institutions do not send their clients emails asking for such info. They already have the info as well as your phone contact info and if there is something fishy, they will call you. Anybody even considering an email message as described above as legitimate is a moron.

Edi
Warwolf Urban Combat Specialist

Why is it so goddamned hard to get little assholes like you to admit it when you fuck up? Is it pride? What gives you the right to have any pride?
–Darth Wong to vivftp

GOP message? Why don't they just come out of the closet: FASCISTS R' US –Patrick Degan

The GOP has a problem with anyone coming out of the closet. –18-till-I-die
Arrow
Jedi Council Member
Posts: 2283
Joined: 2003-01-12 09:14pm

Post by Arrow »

We used to get those emails all the time at work. We had a good time critiquing the emails, seeing how official they looked. Only a few didn't have spelling errors. And we'd always compare the link in the email to the real company's IP address. That was a fun way to kill a couple of minutes. Too bad the new spam filter works so well...
FSTargetDrone
Emperor's Hand
Posts: 7878
Joined: 2004-04-10 06:10pm
Location: Drone HQ, Pennsylvania, USA

Post by FSTargetDrone »

Many of these phishing mails I've gotten are similar. They also have images of a block of text instead of actual text in the body of the message that lead to dubious sites. And you will almost always see misspellings or grammatical errors (which is an instant warning for those who pay attention), though they do seem to be getting better.

Don't click on the links in such mails. I don't even open them now. I just send them straight to the trash folder where they are unceremoniously and electronically shredded each night.

(edited to fix my own mistakes...argh.)
Last edited by FSTargetDrone on 2007-01-24 02:47pm, edited 1 time in total.
Icehawk
Jedi Council Member
Posts: 1852
Joined: 2002-07-03 06:16pm
Location: Canada

Post by Icehawk »

I just got that one today too, my email system automatically detected it as junk.
"The Cosmos is expanding every second everyday, but their minds are slowly shrinking as they close their eyes and pray." - MC Hawking
"It's like a kids game. A morbid, blood-soaked Tetris game..." - Mike Rowe (Dirty Jobs)
The Yosemite Bear
Mostly Harmless Nutcase (Requiescat in Pace)
Posts: 35211
Joined: 2002-07-21 02:38am
Location: Dave's Not Here Man

Post by The Yosemite Bear »

me too a couple of years ago

The scariest folk song lyrics are "My Boy Grew up to be just like me" from cats in the cradle by Harry Chapin
General Zod
Never Shuts Up
Posts: 29211
Joined: 2003-11-18 03:08pm
Location: The Clearance Rack

Post by General Zod »

I see these all the time. It's one of the main reasons I make it a point to never open any email unless I'm expecting it or I know exactly where it's from.
"It's you Americans. There's something about nipples you hate. If this were Germany, we'd be romping around naked on the stage here."
Darth Wong
Sith Lord
Posts: 70028
Joined: 2002-07-03 12:25am
Location: Toronto, Canada

Post by Darth Wong »

Unfortunately, schemes like this don't have to fool everyone. If a scheme like this works on 0.1% of the people who receive it, the crooks are laughing all the way to the bank. That's what's so awful about Internet scams.
"It's not evil for God to do it. Or for someone to do it at God's command."- Jonathan Boyd on baby-killing

"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC

"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness

"Viagra commercials appear to save lives" - tharkûn on US health care.

http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
Admiral Valdemar
Outside Context Problem
Posts: 31572
Joined: 2002-07-04 07:17pm
Location: UK

Post by Admiral Valdemar »

Darth Wong wrote:Unfortunately, schemes like this don't have to fool everyone. If a scheme like this works on 0.1% of the people who receive it, the crooks are laughing all the way to the bank. That's what's so awful about Internet scams.
Common sense, you mean. That's what's awful about people lacking "common" sense. I don't reply to legit e-mails from that shite middleman site that is PayPal, never mind scam ones phishing for my details.

I've never had anything like this on Gmail, only ever Hotmail, which I don't really use for e-mail stuff now except a few things my MSN addy is still listed with.
Ted C
Sith Marauder
Posts: 4486
Joined: 2002-07-07 11:00am
Location: Nashville, TN

Re: Tricky scam I ran into...

Post by Ted C »

DPDarkPrimus wrote:Also, clicking on the link to "update my info", I noticed the URL wasn't actually PayPal.com...
You clicked the link? That could be bad. Hope you've got a good spyware filter running, because there's no telling what you might have downloaded if you don't. You should probably run a scan, just to be on the safe side.
"This is supposed to be a happy occasion... Let's not bicker and argue about who killed who."
-- The King of Swamp Castle, Monty Python and the Holy Grail

"Nothing of consequence happened today. " -- Diary of King George III, July 4, 1776

"This is not bad; this is a conspiracy to remove happiness from existence. It seeks to wrap its hedgehog hand around the still beating heart of the personification of good and squeeze until it is stilled."
-- Chuck Sonnenburg on Voyager's "Elogium"
Darth Servo
Emperor's Hand
Posts: 8805
Joined: 2002-10-10 06:12pm
Location: Satellite of Love

Post by Darth Servo »

Seen it plenty of times. They often have urls in them that link to a page that looks like paypal but the actual address is completely different.

This is right along side the "representative of the bank of Nigeria" scams.
"everytime a person is born the Earth weighs just a little more."--DMJ on StarTrek.com
"You see now you are using your thinking and that is not a good thing!" DMJay on StarTrek.com

"Watching Sarli argue with Vympel, Stas, Schatten and the others is as bizarre as the idea of the 40-year-old Virgin telling Hugh Hefner that Hef knows nothing about pussy, and that he is the expert."--Elfdart
aerius
Charismatic Cult Leader
Posts: 14801
Joined: 2002-08-18 07:27pm

Post by aerius »

I get those a lot, and that's why I like Firefox. Mouse over the link...hmm...that ain't right, kill. It's almost as satisfying as watching Thunderbird's adaptive spam filter whack all my spam mails.
aerius: I'll vote for you if you sleep with me. :)
Lusankya: Deal!
Say, do you want it to be a threesome with your wife? Or a foursome with your wife and sister-in-law? I'm up for either. :P
The Yosemite Bear
Mostly Harmless Nutcase (Requiescat in Pace)
Posts: 35211
Joined: 2002-07-21 02:38am
Location: Dave's Not Here Man

Post by The Yosemite Bear »

yeah, I have my system print out who everything is really from, disable all graphics, and HTML links (so that they are all nekkid and I can click them if I want to)

The scariest folk song lyrics are "My Boy Grew up to be just like me" from cats in the cradle by Harry Chapin
Admiral Valdemar
Outside Context Problem
Posts: 31572
Joined: 2002-07-04 07:17pm
Location: UK

Post by Admiral Valdemar »

If it doesn't have HTTPS in the link, then it's fake.
The Yosemite Bear
Mostly Harmless Nutcase (Requiescat in Pace)
Posts: 35211
Joined: 2002-07-21 02:38am
Location: Dave's Not Here Man

Post by The Yosemite Bear »

I also think it's funny how much spam and malware I bypass just by stripping down all my incoming messages so that I can view attachments separately. Just plain text and quarantined folders. :twisted:

The scariest folk song lyrics are "My Boy Grew up to be just like me" from cats in the cradle by Harry Chapin
General Zod
Never Shuts Up
Posts: 29211
Joined: 2003-11-18 03:08pm
Location: The Clearance Rack

Post by General Zod »

Darth Servo wrote:Seen it plenty of times. They often have urls in them that link to a page that looks like paypal but the actual address is completely different.

This is right along side the "representative of the bank of Nigeria" scams.
It's somewhat more clever at least. Most people have used Paypal, or are familiar with the various banking companies that are used by scammers. On the other hand how many people have any type of connection to Nigeria whatsoever?
"It's you Americans. There's something about nipples you hate. If this were Germany, we'd be romping around naked on the stage here."
Enforcer Talen
Warlock
Posts: 10285
Joined: 2002-07-05 02:28am
Location: Boston

Post by Enforcer Talen »

I've gotten a couple. As the last time I used paypal was years ago, I ignored it.
This day is Fantastic!
Myers Briggs: ENTJ
Political Compass: -3/-6
DOOMer WoW
"I really hate it when the guy you were pegging as Mr. Worst Case starts saying, "Oh, I was wrong, it's going to be much worse." " - Adrian Laguna
DPDarkPrimus
Emperor's Hand
Posts: 18399
Joined: 2002-11-22 11:02pm
Location: Iowa

Re: Tricky scam I ran into...

Post by DPDarkPrimus »

Ted C wrote:
DPDarkPrimus wrote:Also, clicking on the link to "update my info", I noticed the URL wasn't actually PayPal.com...
You clicked the link? That could be bad. Hope you've got a good spyware filter running, because there's no telling what you might have downloaded if you don't. You should probably run a scan, just to be on the safe side.
Nothing new came up on the daily scan. :P
Mayabird is my girlfriend
Justice League:BotM:MM:SDnet City Watch:Cybertron's Finest
"Well then, science is bullshit. "
-revprez, with yet another brilliant rebuttal.
Magus
Padawan Learner
Posts: 377
Joined: 2006-11-05 09:05pm
Location: Consistently in flux

Post by Magus »

General Zod wrote:It's somewhat more clever at least. Most people have used Paypal, or are familiar with the various banking companies that are used by scammers. On the other hand how many people have any type of connection to Nigeria whatsoever?
Sure, but there's probably some Nigerian banker out there who really needs to get some money transferred out of the country, but can't understand why he repeatedly receives flames to his pleas for help. :lol:
"As James ascended the spiral staircase towards the tower in a futile attempt to escape his tormentors, he pondered the irony of being cornered in a circular room."
bilateralrope
Sith Acolyte
Posts: 6181
Joined: 2005-06-25 06:50pm
Location: New Zealand

Post by bilateralrope »

I'm just waiting for one of these scams to actually pretend to be from my current bank. Or at least a New Zealand bank as my email address is .co.nz.
Darth Servo
Emperor's Hand
Posts: 8805
Joined: 2002-10-10 06:12pm
Location: Satellite of Love

Post by Darth Servo »

bilateralrope wrote:I'm just waiting for one of these scams to actually pretend to be from my current bank. Or at least a New Zealand bank as my email address is .co.nz.
Why? So you can report them to the authorities? Good luck.
"everytime a person is born the Earth weighs just a little more."--DMJ on StarTrek.com
"You see now you are using your thinking and that is not a good thing!" DMJay on StarTrek.com

"Watching Sarli argue with Vympel, Stas, Schatten and the others is as bizarre as the idea of the 40-year-old Virgin telling Hugh Hefner that Hef knows nothing about pussy, and that he is the expert."--Elfdart
FSTargetDrone
Emperor's Hand
Posts: 7878
Joined: 2004-04-10 06:10pm
Location: Drone HQ, Pennsylvania, USA

Post by FSTargetDrone »

I got one of these yesterday:
Received: from 66.113.130.225 ([172.18.12.132])
    by vms043.mailsrvcs.net (Sun Java System Messaging Server 6.2-6.01 (built Apr
    3 2006)) with ESMTP id <0JCQ00CZOCSVUKA0@vms043.mailsrvcs.net> for
    XXX@XXX.XXX; Wed, 31 Jan 2007 05:19:44 -0600 (CST)
Received: from lsh134.siteprotect.com (66.113.130.225)
    by XXX@XXX.XXX (MailPass SMTP server v1.2.0 - 112105154401JY+PrW)
    with ESMTP id <4-14985-81-14985-6-1-1170242562> for XXX@XXX.XXX;
    Wed, 31 Jan 2007 05:22:43 -0600
Received: (from meacsports@localhost) by lsh134.siteprotect.com (8.11.6/8.11.6)
    id l0VBJhG07362; Wed, 31 Jan 2007 05:19:43 -0600
Date: Wed, 31 Jan 2007 05:19:43 -0600
From: PayPal <service@paypal.com>
Subject: Please Update Your Billing Information
X-Originating-IP: [66.113.130.225]
To: XXX@XXX.XXX
Reply-to: service@paypal.com
Message-id: <200701311119.l0VBJhG07362@lsh134.siteprotect.com>
MIME-version: 1.0
Content-type: text/html
Content-transfer-encoding: 8bit


Protect Your Account Info

Make sure you never provide your password to fraudulent websites.

To safely and securely access the PayPal website or your account, open a new web browser (e.g. Internet Explorer or Netscape) and type in the PayPal URL (https://www.paypal.com/us/) to be sure you are on the real PayPal site.

(Note that it even warns you to make sure you are going to a legitimate site!)

PayPal will never ask you to enter your password in an email.

To learn more about protecting yourself from fraud, visit the Security Center. Click "Security Center" on the bottom of any PayPal page

Protect Your Password

You should never give your PayPal password to anyone, including PayPal employees.

Update Your Information !

(Separated exclamation mark looks funny, but there's more...)

Dear PayPal Member,

Unusual account activity has made it necessary to limit sensitive account features until additional verification of information can be collected.

Case ID Number: PP-931-307-389

You must click the link below and enter your password on the following page to confirm your billing information.

Click here to restore you account access

(Actually, this goes to "+http://www.ardcg.com/exponent-096/views ... _login-run#" and the 2 other links provided in the mail where it says to go or to click "here" or whatever go to exactly the same place.)

All restricted accounts have their billing information unconfirmed, meaning that you may no longer send money from your account until you have update your billing information on file.

We apologize for any inconvenience.

Sincerly,
PayPal Account Rewiew Departament.


(THREE spelling errors!)


--------------------------------------------------------------------------------

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and choose the Help link located in the top right corner of any PayPal page.

To receive email notifications in plain text instead of HTML, update your preferences here.


--------------------------------------------------------------------------------

PayPal Email ID PP059
The italicized text in parentheses above is mine. It is of course painfully obvious that it is bogus as I have no PayPal account with the e-mail address this was sent to. I have no doubt that were I to click on the links provided in the mail, I would be sent to a very authentic-looking but completely fake "PayPal" site that wants my Social Security number, credit card numbers, etc.

The "+www.ardcg.com..." links are evidently connected to a Malaysian company called "ARD Consulting Group (M) Sdn Bhd" whose website claims it provides "security" services. That may well be true, but there is no way in hell I would accept that as a legitimate link to click in an e-mail claiming to be from PayPal. Certainly not from an official company e-mail that has 3 obvious spelling errors.
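
Editor's added example, not part of FSTargetDrone's post: the headers quoted above claim `service@paypal.com` in `From:`, while every hop and the Message-ID name `lsh134.siteprotect.com`. The Python below checks that mismatch and the link destinations mechanically. The HTML body, the `login.example.net` URL and all function names are constructed for illustration.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Headers: a subset of those quoted in the post (recipient already redacted there).
# The HTML body and the login.example.net URL are constructed for this example.
RAW = """\
Received: from lsh134.siteprotect.com (66.113.130.225)
\tby XXX@XXX.XXX (MailPass SMTP server v1.2.0 - 112105154401JY+PrW)
\twith ESMTP id <4-14985-81-14985-6-1-1170242562> for XXX@XXX.XXX;
\tWed, 31 Jan 2007 05:22:43 -0600
Received: (from meacsports@localhost) by lsh134.siteprotect.com (8.11.6/8.11.6)
\tid l0VBJhG07362; Wed, 31 Jan 2007 05:19:43 -0600
From: PayPal <service@paypal.com>
Message-id: <200701311119.l0VBJhG07362@lsh134.siteprotect.com>
Content-type: text/html

<a href="http://login.example.net/update">Click here to restore you account access</a>
<a href="https://www.paypal.com/us/">the real PayPal site</a>
"""
MSG = email.message_from_string(RAW)

def org_domain(host):
    # Simplification: last two labels. Real code should consult the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def claimed_domain(msg):
    # Domain the From: header asserts; this header is free text chosen by the sender.
    return org_domain(parseaddr(msg["From"])[1].rpartition("@")[2])

def relay_hosts(msg):
    # Hostnames after "from"/"by" in the Received chain; mailbox-like tokens are skipped.
    pat = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)(?![@\w.])")
    return {h.lower() for r in msg.get_all("Received", []) for h in pat.findall(r)}

def header_findings(msg):
    claimed, relays, findings = claimed_domain(msg), relay_hosts(msg), []
    if claimed not in {org_domain(h) for h in relays}:
        findings.append(f"no Received hop belongs to {claimed}: {sorted(relays)}")
    mid_host = msg.get("Message-ID", "").strip("<> \t").rpartition("@")[2]
    if mid_host and org_domain(mid_host) != claimed:
        findings.append(f"Message-ID minted by {mid_host}, not {claimed}")
    return findings

class _Hrefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])

def offsite_link_hosts(msg):
    # Real destination hosts of links that leave the domain named in From:.
    parser = _Hrefs()
    parser.feed(msg.get_payload())
    hosts = [urlsplit(h).hostname or "" for h in parser.hrefs]
    return [h for h in hosts if org_domain(h) != claimed_domain(msg)]

if __name__ == "__main__":
    print(header_findings(MSG), offsite_link_hosts(MSG))
```

A header mismatch like this is a signal rather than proof, since legitimate senders also relay through third-party mail services; where the receiving server records SPF, DKIM or DMARC results, those are the stronger check.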
Ted C
Sith Marauder
Posts: 4486
Joined: 2002-07-07 11:00am
Location: Nashville, TN

Post by Ted C »

FSTargetDrone wrote:The italicized text in parentheses above is mine. It is of course painfully obvious that it is bogus as I have no PayPal account with the e-mail address this was sent to. I have no doubt that were I to click on the links provided in the mail, I would be sent to a very authentic-looking but completely fake "PayPal" site that wants my Social Security number, credit card numbers, etc.
In addition, it would probably attempt to install spyware on your computer and put your email address on a "sucker list" for sale to other spammers.
FSTargetDrone wrote:The "+www.ardcg.com..." links are evidently connected to a Malaysian company called "ARD Consulting Group (M) Sdn Bhd" whose website claims it provides "security" services. That may well be true, but there is no way in hell I would accept that as a legitimate link to click in an e-mail claiming to be from PayPal. Certainly not from an official company e-mail that has 3 obvious spelling errors.
It's also possible that ARD Consulting Group is a legitimate business with poor computer security (hopefully not the "security" service they're selling). It's quite possible that some spammer compromised one of their servers and installed software to send and handle these messages.
"This is supposed to be a happy occasion... Let's not bicker and argue about who killed who."
-- The King of Swamp Castle, Monty Python and the Holy Grail

"Nothing of consequence happened today. " -- Diary of King George III, July 4, 1776

"This is not bad; this is a conspiracy to remove happiness from existence. It seeks to wrap its hedgehog hand around the still beating heart of the personification of good and squeeze until it is stilled."
-- Chuck Sonnenburg on Voyager's "Elogium"
FSTargetDrone
Emperor's Hand
Posts: 7878
Joined: 2004-04-10 06:10pm
Location: Drone HQ, Pennsylvania, USA

Post by FSTargetDrone »

Ted C wrote:In addition, it would probably attempt to install spyware on your computer and put your email address on a "sucker list" for sale to other spammers.
No doubt. That's why no one should ever click on any links in e-mail, especially from mail that he or she is not expecting.
It's also possible that ARD Consulting Group is a legitimate business with poor computer security (hopefully not the "security" service they're selling). It's quite possible that some spammer compromised one of their servers and installed software to send and handle these messages.
Certainly possible. Their website states:
ARD Consulting Group is a value added distributor focusing on providing best of breed security solutions via strategic partnerships with organizations keen on establishing their presence in Malaysia. Since 2001, these solutions have provided or enabled our channel partners to use them as a source of competitive advantage.

Our solutions could be generally grouped into 4 categories:

* End point security
* Application security
* Perimeter security
* Data / Information security & availability


We believe that these solutions will enable organizations to secure key applications faster, provide better manageability and create a more resilient infrastructure. To enable us to drive these solutions through to our value customers we realize the importance of securing key vertical market accounts and continuously strengthen our relationship with channel partners.
One would hope that they would be on top of these sorts of things, but who knows.

Part of that e-mail I got looks to be lifted directly from PayPal. The second half ("Dear PayPal Member...") seems more haphazardly written.

Nice try, but I'm sure they still sucker enough people to make it worthwhile.