Knitting. Yarn. Fiber artistry. More knitting. Nursing school. Hospice work. Death and the dying process. Phoenix Raven's. Knitting. Yarn. Oh, and Life As An Air Force Wife.
Protect your account!
Published on October 19, 2005 By dharmagrl In Internet

I have a PayPal account that I use mainly for purchasing things on eBay. It's directly linked to my checking account. I haven't bought anything from eBay for a while....like a couple of months. 

So, imagine my surprise when I found a receipt from PayPal in my inbox this morning.  Apparently, I had purchased a $300 watch.

My heart was in my throat....$300 out of my checking account wouldn't leave me in the red, but it would mean that I wouldn't have the money to kit the kids out in Halloween costumes or buy groceries for the rest of the week. 

Then I noticed something that I found highly unusual.  At the bottom of the receipt was a link that said 'click here to dispute this charge'.  Hmm.  None of the other PayPal receipts I've received have had that on them.  Curious, I clicked on the link.

A Microsoft warning window popped up, telling me that if I continued I'd be directed to a site whose url wasn't formatted properly.  That was all the validation I needed, so I closed the pop-up, and forwarded the email to spoof@paypal.com.

If I had followed the link and completed the required 'validation' (which would probably have included my password and checking account number) I'd have basically left my checking and PayPal accounts wide open for theft and manipulation.  It was only because I knew I hadn't purchased anything via PayPal recently and the unusual 'dispute this charge' link that I knew something was not right with the email, and the pop-up warning me about the URL simply confirmed my suspicion.

But what if I HAD bought something?  What if I thought that my husband had bought something for me?  What if I hadn't had the program that created the pop-up installed?  I could have easily have given out my information, including my password and bank account information, and I'd probably have ended up a victim.

So, if you use PayPal, please be aware that this is happening.  If you get an email like this, please forward it to PayPal's spoof department and let them take care of it.

Protect yourself and your information.  Don't end up a victim.


Comments (Page 2)
4 Pages1 2 3 4 
on Oct 19, 2005

so beware- if you can't copy it then it's a phish!

 

Excellent advice, thanks very much!

NOT ONCE has any one of you mentioned the fact that the spam itself is not anything close to what we know on the internet as HTML or TEXT. If any of you have tried to copy it, you could have stayed glued to your computer screen until the age of 100!

D'oh!  I had meant to mention that before I took a nap...then got so caught up with the NY department of Investigations that it totally slipped my mind!  Thanks for the reminder!

 

on Oct 19, 2005
Thanks for the post.

Good looking out.
I asdded this article to my favorites list on my sub-url, and I think others should do the same.
on Oct 19, 2005
Good looking out.
I asdded this article to my favorites list on my sub-url, and I think others should do the same.


Gosh....I'm flattered. Thank you!
on Oct 19, 2005
i've gotten some like that before - not necessarily on buying a $300 watch lol but they sure do try to make those emails and webpages look pretty official i've reported it before also.. sad people do that stuff
on Oct 19, 2005
they sure do try to make those emails and webpages look pretty official


Most of the time, it's easy to spot discrepancies. A lot of them have spelling mistakes in them or grammatical errors that are blatantly obvious. Other times, they've got the wrong information - the last one I got from my bank had spelled my name wrong.

I get more spam than the average person. I while ago (March, to be exact) some assclown decided to snow me under with spam. They also decided to order products in my name...I had books and magazines in my mailbox, bills for things that I didn't order...it was insane (and I know who did it. They think that I'm oblivious still, but I'm not). So, I get a fair few of these fake messages, but this one today was by far the best one yet.

I can't help but believe that the company that the watch was 'bought' from is involved. I've been trying to contact them via phone, IM and email all day, and have yet to get any answer. I even left my number on their answering machine once, and they never called me back. For a company that's selling high-end watches, that's kind of unusual, wouldn't you say? Anyway, the complaint's been filed, and NY DOI is looking into them.
on Oct 19, 2005
Thank you for the heads up, dharmagrl. I never use Paypal or Ebay myself, but my wife occasionally does, so I'll be sure to warn her of this scam.
on Oct 19, 2005
well for the average person they are official looking - all i do is look at the url for where it's going usually a dead give-away, or if it's supposed to be a https, and they are using http i use paypal all the time for stuff, including on ebay. (i'm so sad - i even have a paypal debit card lol). really i think paypal is pretty safe.. just have to keep watch of your funds and be aware of this stuff.
on Oct 20, 2005
I just got one D, today, telling me I won the English lottery and won for over 8 million pounds sterling.

Maybe I will post this scam later in day.
on Oct 20, 2005

well for the average person they are official looking - all i do is look at the url for where it's going usually a dead give-away

Exactly.  So, if the average person sees this $300 charge in their inbox that they know they didn't make, they're going to follow the 'dispute this charge' link, not knowing that the URL is bogus.....and the phishers have what they want.

Thank you for the heads up, dharmagrl.

You're very welcome.  That's the entire reason I posted this article....to let other people know that there's a very valid-looking email making the rounds.

I would encourage anyone who recieves and email similar to this to try and contact the company that you supposedly bought goods from.  If you can't contact them, please try and contact the District Attorney in the state the company is in and ask how you would go about filing a fraud complaint.  Most DA's offices are more than happy to help you, as are Better Business Bureau's (you could always contact them if you can't contact the DA).

If we all try to put a stop to this instead of just deleting the emails and letting this go....well, maybe we can out some of these phishers out of business AND see them prosecuted.  Yeah, some of you may think that it's frivilous, that I'm making a big deal out of nothing - but let me ask you this:  if you failed to do anything and the next person that got an email like this fell for it and had money taken out of their account, how would you feel?  I know that I'd feel pretty awful.

on Oct 20, 2005

I just got one D, today, telling me I won the English lottery and won for over 8 million pounds sterling.

I got several of those as well.  I did not even know that England had a lottery.

on Oct 20, 2005

I did not even know that England had a lottery.

Yep, it's a national thing.  Been going for about 15 years now.  My mum's won a few times, 50 pounds here and there.

I just got one D, today, telling me I won the English lottery and won for over 8 million pounds sterling

This PayPal ones a little different, MM.  This isn't just a random one, they had my user name and told me that $300 had been taken out of my account for a watch.  That's a bit different than an email telling you that you had won something that you never even entered.

How would you react if you got an email receipt from your bank, confirming a withdrawl for $300, telling you that if you clicked on the link within the email you could see the details of the transaction?  That's basically what I got yesterday, and it was pretty darn authentic looking.   

I STILL can't reach the company that supposedly sold me the watch. 

on Oct 20, 2005
I've had the one from PayPal, also similar from ebay. Both of them well done but too obvious its phishing. Both were caught by my ISP's spam filter (BTInternet).   Sadly, some people still fall for these bogus e-mails...

Posted via WinCustomize Browser/Stardock Central
on Oct 20, 2005
I always delete emails that claim to be from any source that might want money without even thinking about it.

I am convinced that whoever really wants me to pay for something will eventually send me a real letter. And I would notice if I did pay 300 quid for something when I look at my bank statements online in the evening.

I don't know why anybody would even consider relying on email messages for keeping track of expenses. And I don't recommend that anybody do that.
on Oct 20, 2005

How would you react if you got an email receipt from your bank, confirming a withdrawl for $300, telling you that if you clicked on the link within the email you could see the details of the transaction?


Constantly get those, always delete them without any further thought. My banks don't send me emails to keep me informed. They have online banking, phone banking, branch offices (with phone lines), and snail mail statements for that.

All four are more difficult to tamper with and it is almost impossible to forge two of them in the same way.

Never, ever follow links in emails! Always type the link yourself (copying from whatever ad the bank sent you) or use a bookmark you yourself created.

I follow these guidelines for all my bank accounts and credit cards. I also occasionally call the phone banking mechanism and the branch office to see whether everybody agrees about the status of my accounts.
on Oct 20, 2005
The best advice is no matter what type of email you get, never click on a link. Even if you think you can trust them.
Open up another browser window and go to the site directly and check your account. This will always save you a lot of headaches


Thanks! I can't be reminded of this enough, and still have to form the habit of following thru w/these procedures. Also, after re-reading this article and replies today, I found d'girl's mention of contacting authorities to report the offense (D.O.J.?, etc.) to be sound advice. Happy Halloween, all, from Eastern Idaho
4 Pages1 2 3 4