Monday, September 24, 2007

Phishing PayPal

We recently received an email from "PayPal." Only it was not from PayPal.


Of course we didn't recognize the $93.12 charge, and had we not been aware of these kinds of scams we would have clicked on the "Cancel this payment." To do so, though, we would have been asked to share passwords or personal or company financial information that would have led to identity theft, and likely caused great financial loss.


A couple of things about this email made us suspicious. The first one is the sender's email address. Even though it says "PalPal" before the email address, the email address of aw@ppl-dpt.com is not a genuine PayPal email address. Their email is always ........@PayPal.com.


Also, genuine PayPal email will not have typographical errors. Note that European is "european," all lower case.

Just to make sure, we went to our PayPal account and clicked on History. There never was a transaction made for the amount of $93.12.

There are also other problems with the email. See if you can spot them.

We forwarded this email to PayPal at spoof@PayPal.com and received the response copied below. PayPal acknowledged that the email we received was not genuine, and is known as "phishing."


Be aware that phishing comes in many forms. Examine unknown emails carefully.

Never open attachments if you're not sure who sent the email. Even then, you have to be careful. If you open an attachment, and apparently nothing happens, you may have just placed spyware on your hard drive.

This is the bogus email that we received:

PayPal aw@ppl-dpt.com
To: Sherlockinvestigations@gmail.com

We recorded a payment request from "Internet Safe-Shopping - shopsafe.com -" to enable the charge of $ 93.12 on your account.

Because the order was made from a european internet address, we put an Exception Payment on transaction id #PayPal-T2254 motivated by our Geographical Tracking System.

THE PAYMENT IS PENDING FOR THE MOMENT.

If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as "Internet Safe-Shopping -shopsafe.com-".

If you didn't make this payment and would like to decline the $ 93.12 billing to your card, please follow the link below to cancel the payment:

Cancel this payment (transaction id #PayPal-T2254) [link removed by Sherlock]

NOTE: Because email is not a secure form of communication, please do not reply to this email.

Copyright 1995-2007 PayPal Inc. All Rights Reserved.


Our response from the real PayPay:

RE: Q510 - Thank you for your email to PayPal
"spoof@paypal.com"

Thanks for taking an active role by reporting suspicious-looking emails.The email you forwarded to us is a phishing email, and our security team is working to disable it.

What is a phishing email?

Phishing emails attempt to steal your identity and will often ask you to reveal your password or other personal or financial information. PayPal will never ask for your password over the phone or in an email and will always address you by your first and last name. Take our Fight Phishing Challenge at https://www.paypal.com/fightphishing to learn 5 things you should know about phishing. You'll also see what we're doing to help fight fraud every day.

You've made a difference. Every email counts. By forwarding a suspicious-looking email to spoof@paypal.com, you've helped keep yourself and others safe from identity theft. Thanks,

The PayPal Team

1 comment:

Anonymous said...

Can you recommend the top Endpoint Security script freeware?
I looked on the web and found the following:
Kaseya.com
Logmein.com

They all look different... Does anyone has experience with any of them?
As well had somebody hear of that software:
N-able remote desktop software ?