Heads Up! Resonably Accurate Looking Paypal Phishing Email Alert

[ExRat]

Hi,

I wouldn't normally start a thread about this, because phishing emails are a daily occurrence in my inbox.

I chose to with this one because the email seems to bear a close resemblance to real paypal emails, plus the email address that shows when you right click on the email and select properties is -

services AT paypall.com
...which is quite close to a genuine paypal address. Also, it was sent to my actual paypal address although I have no way of knowing if this was through luck or judgement.

The most important thing about this is if you get an email appearing to be from paypal telling you that your account has been limited, and you are concerned and want to log in and check things -

YOU SHOULD - open a new browser, type in 'paypal.com', log in and manually check if your account is OK and that there are no urgent messages in there.

YOU SHOULD NOT - click any link in any email in order to get to paypal and sign in.

Never click links in an email to get to paypal, or your bank etc. Always sign in manually (via typing the correct address into your browser address bar), if you need to.

Here's the email -



It looks just like a proper paypal email, which many of them don't.

If you right click the email title in your inbox, then click properties you will see that it is not from 'paypal' (only one L) -



If you then click the details tab, you can see where it really came from -



If you are not sure what you are doing, don't click on anything at all.

If you are at all concerned about an email purporting to be from paypal, simply click 'forward' and send the forwarded email to spoof@paypal.com and they will come straight back to you letting you know if it is a spoof or if it is real.

This is a public service broadcast brought to you by ExRat

[Ian Middleton]

Thanks for that.

I notice it says dear paypal member. That's a clue, all my emails from them have my username on them!

Good advice there. Well done.

Ian

[ExRat]

Hi Ian,

Quote:

I notice it says dear paypal member. That's a clue, all my emails from them have my username on them!

You're absolutely right - it should have the account name - either your name or your business name, depending on what type of account you have.

It might only be a minor thing, but by observing these details, they become imprinted in your mind, and on that bad day where you are tired, have just launched a product and you panic when you get the 'account limited' phishing email, it could make the difference between clicking a bad link by accident or not.

[athMa]

i've just received the same email! Thanks for the head up, though i never click on something that goes into my junk folder!

[abelacts]

Thanks for the alert.

Wow that's pretty close to the real Paypal domain.

As you said, the safest is to login to Paypal (or any sensitive sites like online banks) by typing in the URL into your browser. Clicking link from your email is a sure way to get phish.

[Harvey Segal]

Quote:

Originally Posted by ExRat

If you are not sure what you are doing, don't click on anything at all.

I agree. You should get the 'l out of there

Harvey

[anan7alp]

Hi Exrat!

Thanks for your alert,so if you click that email what happen?

Anania.

[Dave777]

It's a good idea for those unfamilar with PayPal Phishing and the topic in general to be more aware! Best to try and keep uptodate on the ongoing Phishing problems...
https://www.paypal.com/cgi-bin/websc...ishing-outside
APWG: Phishing News

Dave

[dave147]

"if there's no name - Don't Click It!

[ExRat]

Hi Harvey,

Yes, you should get that extra 'l out of there And while you're at it, add the 'a I missed out of reasonably...

Hi anan7alp,

Quote:

if you click that email what happen?

I wouldn't know for sure, obviously, as I wouldn't click it to find out.

If you click the link, the most likely outcome is that it will send you to a dummy page that is designed to look identical to a paypal log in page, and will have a similar (or cloaked) address (probably paypall in this case) - then it will then probably send you to an error page (that will say something went wrong with the login - then it will direct you to the real paypal where you will sign in and wonder why your account isn't limited - then most people will shrug it off - which is why they do this).

Then the false page will immediately send your login username and password to the phishers who will also sign into your account and change the password so you can't get in. Then they go on a spending spree and harvest all of your details from the account for further theft purposes.

There's also a chance that clicking the link will result in some nasties being downloaded to your PC like a keylogger virus for example.

You can also check a link's real destination by hovering over it and looking in the lower left of your browser/inbox - but obviously, be very careful - if you accidentally click it, you could have problems.

Hi Dave147,

Quote:

"if there's no name - Don't Click It!

Sorry to sound pedantic, but the implication from that advice is that of it IS addressed to you, then it IS OK to click it - which it's NOT. It's far from impossible that they will have your paypal email AND your name.

Again - if an email causes concern -

Type the exact address (EG paypal.com) into a new browser window and log in that way - if anything devastating has happened to your account, they won't just send you an email (and if they do they normally won't give you a link to click) - they will also alert you as soon as you log in.

[Traffic-Bug]

I never click on any link in an email about Paypal. I already wrote to Paypal that they are using different "Send from" email addresses for legitimate purposes like service@intnl.paypal.com and replies show sender as "webform" etc so unprofessional. No response to my advise to use only single email ID for all outgoing mail from Paypal so that one only can be white listed. Same story with Godaddy too. they send mails from supportwebsite.com and godaddy.com and wont listen to change to single outgoing email ID for support responses. They also dont attach what you made the original query about, when confirming your support query with incident ID

[talfighel]

I know that PayPal came on TV once. I think it was on Opera and told people that they will never ever ask users by email to get into their account through a link in that email.

The best way, in order to avoid the scammers from getting your info, is to log in into your paypal account from your browser and not from a link in an email.

In your browser, make sure that when you log in, the link says:

https://paypal.com/

"S" is for secure.


Tal

[CmdrStidd]

One time I got one of these phishing emails and I decided to have fun with them. I clicked on the link and I made up a phony user name and for the password I entered g05cr3wy0ur53lf. I wonder if they ever did get any money out of that account?

[Sandor Verebi]

Hi Roger,

This thing is not unknown for me, I was occupied with it already. Nevertheless, thank you for your heads up.

Quote:

Originally Posted by Harvey.Segal

.... You should get the 'l out of there

Harvey

LOL...Harwey you made my day, thanks

Cheers,

Sandor

[Harvey Segal]

Quote:

Originally Posted by Sandor Verebi

LOL...Harwey you made my day, thanks

What have you done with my V ?

[Neil Morgan]

Quote:

I know that PayPal came on TV once. I think it was on Opera and told people that they will never ever ask users by email to get into their account through a link in that email.

We had a discussion about that on here recently.

A few weeks ago I received a genuine email from PayPal that DID have a link they wanted me to click to log in to my account. I wrote about it here, my point being that they were perpetuating the phishing problem by doing it that way.

In other words, just when everyone is learning not to click on links in emails from PayPal, banks etc, they go and ask their customers to do it.

Cheers,

Neil

[dave147]

Quote:

Originally Posted by ExRat

Hi Harvey,



Hi Dave147,

Sorry to sound pedantic, but the implication from that advice is that of it IS addressed to you, then it IS OK to click it - which it's NOT. It's far from impossible that they will have your paypal email AND your name.

Again - if an email causes concern -

Type the exact address (EG paypal.com) into a new browser window and log in that way - if anything devastating has happened to your account, they won't just send you an email (and if they do they normally won't give you a link to click) - they will also alert you as soon as you log in.

I have received many phishing paypal emails and none of them have my paypal reg name. I don't believe they can get into the paypal database for your name (yet) If they could they would certainly be using it instead of "Dear Paypal User" I agree that you should hover over the address but the one big giveaway is them not having your paypal name - if you don't see your name just delete.

[ExRat]

Hi Dave147,

Quote:

I have received many phishing paypal emails and none of them have my paypal reg name. I don't believe they can get into the paypal database for your name (yet) If they could they would certainly be using it instead of "Dear Paypal User" I agree that you should hover over the address but the one big giveaway is them not having your paypal name - if you don't see your name just delete.

So because you have received no phishing emails with your name on it, that means that none of the related points I made matter?

Sigh.

They don't need to get into paypal's database.

My point was, when I had outlined the best way to avoid making errors, if someone comes along and says -

Quote:

if there's no name - Don't Click It!

then the implication is that if the name IS there then it's safe.

...it's not, and just because YOU haven't experienced a phishing email with your name on it means nothing.

I'll elaborate -

Have you ever given someone your paypal email address for anything at all, and did they also know your name?

The old forum used to have 'buy me a beer' if you allowed it on your post. It became apparent that the paypal email was being harvested at one point.

There are many other methods of finding out someone's paypal email address and matching it with their name - particularly if the person believes they are going to be sent money.

There are many people using unencrypted buy buttons on their websites that also allow the paypal email to be harvested. It's not rocket science.

Here's how a hacker's mind works - if certain people think that a paypal email is safe if it has their name on it, what do you think they are going to do next? Send phishing emails with the correct name on it.

We could argue all day about this, but the fact is that if you're going to give a large group of people advice about how to stay safe, then it's best to avoid assumptions and leave no stone unturned.

I don't see the point of you coming back and trying to prove that this -

Quote:

if there's no name - Don't Click It!

...is a helpful statement in the context of the thread. Do you?

Or do you agree that this is a much better way of putting it (which incidentally, I already had) -

Quote:

Again - if an email causes concern -

Type the exact address (EG paypal.com) into a new browser window and log in that way - if anything devastating has happened to your account, they won't just send you an email (and if they do they normally won't give you a link to click) - they will also alert you as soon as you log in.

Or let's put it another way, for even more clarity -

Don't ever click on a link in a paypal (or bank) email. Always log in via a new browser window and type the URL in by hand.

[Brett Kruger]

Thanks for that.

There really are some #$%@!*&^ in this world.

Cheers

Brett.

[gilbertm]

Hey ExRat, Thanks for that. It's pretty scary. I got the same email about a week and half ago. I noticed it said: Dear Paypal Member. I also noticed it said from PayPall. It had two LL's instead of one on Pall. It's good to keep other marketers informed with this kind of information. All those thiefs out there need to be put out. EVERYONE NEEDS TO READ THIS POST. Let's take care of eachother's bank accounts and identities. Thanks Again!

~ Gilbert

[Sandor Verebi]

Quote:

Originally Posted by Harvey.Segal

What have you done with my V ?

Hey Sir Supertips, sorry, I didn't want to be your godfather. I don't really understand how happened it.

But you are the reason the naming, because you laughted me and I didn't pay enough attention to the writing. This isn't beautiful from me, I am not a today's child already though. I promise I'll be more carefully next time.

Thank you for your kind understanding.

Cheers,

Sandor

[dave147]

Quote:

Originally Posted by ExRat

Hi Dave147,

So because you have received no phishing emails with your name on it, that means that none of the related points I made matter?

No, what I mean is if you don't see your name on it you don't need to go any further, don't even read it, just delete - you know its fake.

If your name is on it then consider your points.

[ExRat]

Hi Dave147,

Quote:

No, what I mean is if you don't see your name on it you don't need to go any further, don't even read it, just delete - you know its fake.

If your name is on it then consider your points.

Thanks for elaborating - I totally agree.

RE - my point about taking care when advising people on these things/leaving no stone unturned/no room for misunderstanding -

If you had phrased it that way in your original post, I wouldn't have commented on it.