Heads Up! Resonably Accurate Looking Paypal Phishing Email Alert

by ExRat

Posted: 15 years ago 22 replies

INTERNET MARKETING

Hi,

I wouldn't normally start a thread about this, because phishing emails are a daily occurrence in my inbox.

I chose to with this one because the email seems to bear a close resemblance to real paypal emails, plus the email address that shows when you right click on the email and select properties is -

services AT paypall.com
...which is quite close to a genuine paypal address. Also, it was sent to my actual paypal address although I have no way of knowing if this was through luck or judgement.

The most important thing about this is if you get an email appearing to be from paypal telling you that your account has been limited, and you are concerned and want to log in and check things -

YOU SHOULD - open a new browser, type in 'paypal.com', log in and manually check if your account is OK and that there are no urgent messages in there.

YOU SHOULD NOT - click any link in any email in order to get to paypal and sign in.

Never click links in an email to get to paypal, or your bank etc. Always sign in manually (via typing the correct address into your browser address bar), if you need to.

Here's the email -

It looks just like a proper paypal email, which many of them don't.

If you right click the email title in your inbox, then click properties you will see that it is not from 'paypal' (only one L) -

If you then click the details tab, you can see where it really came from -

If you are not sure what you are doing, don't click on anything at all.

If you are at all concerned about an email purporting to be from paypal, simply click 'forward' and send the forwarded email to spoof@paypal.com and they will come straight back to you letting you know if it is a spoof or if it is real.

This is a public service broadcast brought to you by ExRat

#accurate #alert #email #heads #paypal #phishing #resonably

Ian Middleton 15 years ago

Thanks for that.

I notice it says dear paypal member. That's a clue, all my emails from them have my username on them!

Good advice there. Well done.

Ian
- Thanks
- 1 reply
{{ DiscussionBoard.errors[575779].message }}
- ExRat 15 years ago
  
  Hi Ian,
  
  I notice it says dear paypal member. That's a clue, all my emails from them have my username on them!
  
  You're absolutely right - it should have the account name - either your name or your business name, depending on what type of account you have.
  
  It might only be a minor thing, but by observing these details, they become imprinted in your mind, and on that bad day where you are tired, have just launched a product and you panic when you get the 'account limited' phishing email, it could make the difference between clicking a bad link by accident or not.
  
  Thanks
  
  Signature
  
  Roger Davis
  
  {{ DiscussionBoard.errors[575798].message }}
athMa 15 years ago

i've just received the same email! Thanks for the head up, though i never click on something that goes into my junk folder!
- Thanks
{{ DiscussionBoard.errors[575803].message }}
abelacts 15 years ago

Thanks for the alert.

Wow that's pretty close to the real Paypal domain.

As you said, the safest is to login to Paypal (or any sensitive sites like online banks) by typing in the URL into your browser. Clicking link from your email is a sure way to get phish.
- Thanks
Signature

- Abel

Latest WSO: Health & Fitness PLR
Others: Dating PLR|Twitter PLR |Weight Loss PLR Product Reviews Conduit Style
{{ DiscussionBoard.errors[575813].message }}
Harvey Segal 15 years ago

Originally Posted by ExRat

If you are not sure what you are doing, don't click on anything at all.

I agree. You should get the 'l out of there

Harvey
- Thanks
- 1 reply
Signature

The Complete Guide To ClickBank
{{ DiscussionBoard.errors[575833].message }}
- Sandor Verebi 15 years ago
  
  Hi Roger,
  
  This thing is not unknown for me, I was occupied with it already. Nevertheless, thank you for your heads up.
  
  Originally Posted by Harvey.Segal
  
  .... You should get the 'l out of there
  
  Harvey
  
  LOL...Harwey you made my day, thanks
  
  Cheers,
  
  Sandor
  
  Thanks
  
  1 reply
  
  {{ DiscussionBoard.errors[576779].message }}
  
  Harvey Segal 15 years ago
  
  Originally Posted by Sandor Verebi
  
  LOL...Harwey you made my day, thanks
  
  What have you done with my V ?
  
  Thanks
  
  1 reply
  
  Signature
  
  The Complete Guide To ClickBank
  
  {{ DiscussionBoard.errors[576878].message }}
  
  Sandor Verebi 15 years ago
  
  Originally Posted by Harvey.Segal
  
  What have you done with my V ?
  
  Hey Sir Supertips, sorry, I didn't want to be your godfather. I don't really understand how happened it.
  
  But you are the reason the naming, because you laughted me and I didn't pay enough attention to the writing. This isn't beautiful from me, I am not a today's child already though. I promise I'll be more carefully next time.
  
  Thank you for your kind understanding.
  
  Cheers,
  
  Sandor
  
  Thanks
  
  {{ DiscussionBoard.errors[579865].message }}

anan7alp

15 years ago

Hi Exrat!

Thanks for your alert,so if you click that email what happen?

Anania.

Thanks
1 reply

Signature

Free eBook, Step by Step How to Make Your First Website.
www.makingyourfirstsite.com

{{ DiscussionBoard.errors[575922].message }}

ExRat

15 years ago

Hi Harvey,

Yes, you should get that extra 'l out of there

And while you're at it, add the 'a I missed out of reasonably...

Hi anan7alp,

if you click that email what happen?

I wouldn't know for sure, obviously, as I wouldn't click it to find out.

If you click the link, the most likely outcome is that it will send you to a dummy page that is designed to look identical to a paypal log in page, and will have a similar (or cloaked) address (probably paypall in this case) - then it will then probably send you to an error page (that will say something went wrong with the login - then it will direct you to the real paypal where you will sign in and wonder why your account isn't limited - then most people will shrug it off - which is why they do this).

Then the false page will immediately send your login username and password to the phishers who will also sign into your account and change the password so you can't get in. Then they go on a spending spree and harvest all of your details from the account for further theft purposes.

There's also a chance that clicking the link will result in some nasties being downloaded to your PC like a keylogger virus for example.

You can also check a link's real destination by hovering over it and looking in the lower left of your browser/inbox - but obviously, be very careful - if you accidentally click it, you could have problems.

Hi Dave147,

"if there's no name - Don't Click It!

Sorry to sound pedantic, but the implication from that advice is that of it IS addressed to you, then it IS OK to click it - which it's NOT. It's far from impossible that they will have your paypal email AND your name.

Again - if an email causes concern -

Type the exact address (EG paypal.com) into a new browser window and log in that way - if anything devastating has happened to your account, they won't just send you an email (and if they do they normally won't give you a link to click) - they will also alert you as soon as you log in.

Thanks

Signature

Roger Davis

{{ DiscussionBoard.errors[576002].message }}

dave147

15 years ago

[DELETED]

{{ DiscussionBoard.errors[579155].message }}

ExRat

15 years ago

Hi Dave147,

I have received many phishing paypal emails and none of them have my paypal reg name. I don't believe they can get into the paypal database for your name (yet) If they could they would certainly be using it instead of "Dear Paypal User" I agree that you should hover over the address but the one big giveaway is them not having your paypal name - if you don't see your name just delete.

So because you have received no phishing emails with your name on it, that means that none of the related points I made matter?

Sigh.

They don't need to get into paypal's database.

My point was, when I had outlined the best way to avoid making errors, if someone comes along and says -

if there's no name - Don't Click It!

then the implication is that if the name IS there then it's safe.

...it's not, and just because YOU haven't experienced a phishing email with your name on it means nothing.

I'll elaborate -

Have you ever given someone your paypal email address for anything at all, and did they also know your name?

The old forum used to have 'buy me a beer' if you allowed it on your post. It became apparent that the paypal email was being harvested at one point.

There are many other methods of finding out someone's paypal email address and matching it with their name - particularly if the person believes they are going to be sent money.

There are many people using unencrypted buy buttons on their websites that also allow the paypal email to be harvested. It's not rocket science.

Here's how a hacker's mind works - if certain people think that a paypal email is safe if it has their name on it, what do you think they are going to do next? Send phishing emails with the correct name on it.

We could argue all day about this, but the fact is that if you're going to give a large group of people advice about how to stay safe, then it's best to avoid assumptions and leave no stone unturned.

I don't see the point of you coming back and trying to prove that this -

if there's no name - Don't Click It!

...is a helpful statement in the context of the thread. Do you?

Or do you agree that this is a much better way of putting it (which incidentally, I already had) -

Again - if an email causes concern -

Type the exact address (EG paypal.com) into a new browser window and log in that way - if anything devastating has happened to your account, they won't just send you an email (and if they do they normally won't give you a link to click) - they will also alert you as soon as you log in.

Or let's put it another way, for even more clarity -

Don't ever click on a link in a paypal (or bank) email. Always log in via a new browser window and type the URL in by hand.

Thanks

Signature

Roger Davis

{{ DiscussionBoard.errors[579217].message }}

dave147

15 years ago

[DELETED]

{{ DiscussionBoard.errors[582315].message }}

ExRat

15 years ago

Hi Dave147,

No, what I mean is if you don't see your name on it you don't need to go any further, don't even read it, just delete - you know its fake.

If your name is on it then consider your points.

Thanks for elaborating - I totally agree.

RE - my point about taking care when advising people on these things/leaving no stone unturned/no room for misunderstanding -

If you had phrased it that way in your original post, I wouldn't have commented on it.

Thanks

Signature

Roger Davis

{{ DiscussionBoard.errors[582353].message }}

Dave777 15 years ago

It's a good idea for those unfamilar with PayPal Phishing and the topic in general to be more aware! Best to try and keep uptodate on the ongoing Phishing problems...
https://www.paypal.com/cgi-bin/websc...ishing-outside
APWG: Phishing News

Dave
- Thanks
{{ DiscussionBoard.errors[575989].message }}
talfighel 15 years ago

I know that PayPal came on TV once. I think it was on Opera and told people that they will never ever ask users by email to get into their account through a link in that email.

The best way, in order to avoid the scammers from getting your info, is to log in into your paypal account from your browser and not from a link in an email.

In your browser, make sure that when you log in, the link says:

https://paypal.com/

"S" is for secure.

Tal
- Thanks
Signature

---> [URGENT] Here's How To Build Wealth With Gold And
Silver And Earn Up To $7,000 Per Week!
{{ DiscussionBoard.errors[576396].message }}
CmdrStidd 15 years ago

One time I got one of these phishing emails and I decided to have fun with them. I clicked on the link and I made up a phony user name and for the password I entered g05cr3wy0ur53lf. I wonder if they ever did get any money out of that account?
- Thanks
{{ DiscussionBoard.errors[576699].message }}
Neil Morgan 15 years ago

I know that PayPal came on TV once. I think it was on Opera and told people that they will never ever ask users by email to get into their account through a link in that email.

We had a discussion about that on here recently.

A few weeks ago I received a genuine email from PayPal that DID have a link they wanted me to click to log in to my account. I wrote about it here, my point being that they were perpetuating the phishing problem by doing it that way.

In other words, just when everyone is learning not to click on links in emails from PayPal, banks etc, they go and ask their customers to do it.

Cheers,

Neil
- Thanks
Signature

Easy email marketing automation without moving your lists.
{{ DiscussionBoard.errors[577236].message }}
Brett Kruger 15 years ago

Thanks for that.

There really are some #$%@!*&^ in this world.

Cheers

Brett.
- Thanks
Signature

If you use a cell phone you need Air Tube Headsets or Anti Radiation Headsets!
{{ DiscussionBoard.errors[579393].message }}
gilbertm 15 years ago

Hey ExRat, Thanks for that. It's pretty scary. I got the same email about a week and half ago. I noticed it said: Dear Paypal Member. I also noticed it said from PayPall. It had two LL's instead of one on Pall. It's good to keep other marketers informed with this kind of information. All those thiefs out there need to be put out. EVERYONE NEEDS TO READ THIS POST. Let's take care of eachother's bank accounts and identities. Thanks Again!

~ Gilbert
- Thanks
Signature

FREE! "Learn The #1 Secret I Used To Make
My First $2,316.11 Online, And How You Can
Too...The Easy Way!"
{{ DiscussionBoard.errors[579507].message }}

Heads Up! Resonably Accurate Looking Paypal Phishing Email Alert

Trending Topics

How do I effectively build and nurture an email list for affiliate marketing purposes?

Are Solo ADs the Most Cost Effective Way to Promote your Product?

Are billboards still effective in driving customers?

Been a while! Any of you Old Timers here?

How much does the rebranding affect CR ?