Warning - New Paypal Spoofing Attack

Thanks for this. I'm sure it will benefit many members so they can avoid a terrible spoofing attack!

Alex

Thanks for sharing this...The scam messages in my email that I always accidentally read are sort of along the same lines...UPS Late Delivery Notification, Suspicious Activity in Your PayPal Account and Invoice Reminder - Payment Due have all been subject lines for scam emails that I've read unwillingly.

Fred, thank you for this. The short of it (for those that didn't read):
NEVER click links and login from email. It's just too risky. If there IS a problem with your site, call the company and/or login directly.
The bogus links look like this (like Fred pointed out):
http : // www . paypal DoT COM . a235afuawe2344 .com

So, the trick is, a paypal URL might ACTUALLY have a bunch of gibberish at the end (we're used to seeing this as part of a URL string, which is basically a "GET" method of sending variables; we see this frequently in affiliate links or tracking links).

The fact that we're USED to seeing this gibberish means we are easily fooled; the actual domain name in that case would have been the ouaoisudf9872937rasudfhkh.com (or whatever) and the www.paypal DOT com at the front is actually a subdomain.

Don't get tricked, and be suspicious of everything. Take care all.

Thanks for the heads up. I wish there was a way to crack down on this.

These have been around for years. Forward them to spoof(at)paypal.com , the easiest way to get around them is to simply open a new browser, login to your paypal account by you entering in the www (not the clickable link in the spoof email) and checking your account. You can also view the full header in the email if you want to see who is sending it. You should send the email and full header to spoof(at)paypal.com

Its scary sometimes what these people will do especially to people who have no clue whats going on or have never experienced a spoof email. Learn how to read a url also...

for example if it says (paypals.com/xxxx) you know its not the original paypal site. The best offense .. is knowledge, and a good defense.
Thx for the post

Yes, always.. always check to see whats going on before you ever click any links in your emails. You can also simply hover over the link or right click on the link and click properties on the drop down menu to see what the link is or where it will take you even before you ever click it or check the printable versions of it or the full headers.

You can even get a virus or email attack by simply opening an email. There are a ton of things that can go wrong even in a simple email. Luckily most of these fishers or spammers dont have the knowledge to do more technical stuff other than simply try to scare people with threats of accounts being suspended and adding a link in the email and hoping you click on it.

One of the most famous ones in recent years is emails being sent by the sender. The first time I got this we kind of freaked out thinking that somebody hacked one of our servers. Doing more research it was found out that these people simply put your email address in as the "sender" and the "from" ..

'To: You(at)your email address.com'
From: You(at)your email address.com'

Again full headers on an email can be viewed in most email services. Its a pain, but some good info you know. If you want to get more on the techical end most headers will actually have the route that the email was sent and an ip. You can do a reverse ip search and see where the email came from, the country, and sometimes even the person who sent it. This is really not necessary as a simple ban or blacklist, or spam blocker (box trapper) to the ip or senders email can be put in place to stop it.

One great word of advice to always follow when checking your emails:
~ You will NEVER win a lottery from your email address.
~ You do NOT have any long lost relatives that left you millions of dollars.
~ You did not win the microsoft lottery (because they dont have one).
~ You can not help a person in another country transfer millions of dollars into your country by sending them money and your info.
~ A person really did not get stranded in another country and can not get back by you donating money.
~ You do not have a long lost bank account with funds in it.
~ If you dont have an account at a bank or never did, you probably still dont.
~ Paypal did not suspend your account..

After years on the internet, we have seen all of the above. Most will ask for your information. NEVER give your information or respond to any of the emails above. They are all spoofs.

But yes, sir... it is scary and hopefully the info above helps a little. You have a wonderful day. Thanks.

one more little tid bit.
Some emails will say you have to click a link to confirm your account, this is actually an instant subscribe link which then adds your email addy to their email list and the spam will come in, so watch for those type of emails also. It will have a url and toward the end of the url it will have your email addy in the url itself, these are autosubsribe fishing links. (phishing)

I've seen several of these already, along with the "your Yahoo account has been suspended" yet I'm in the email using it (Really???). I don't click on any bank links of any kind, or Paypal links either. I'll just manually go to it, log in, and see if I have any messages on there that reference it.

I've been so skeptical of links that when short URLs came out, I was afraid to even click any of them. lol. But yeah, there are people that would definitely benefit from this so definitely good that you put it up. They're getting bolder and bolder with their tactics.

I can't believe how far some people might go with scamming. Maybe it can be reported to PayPal and they can verify who registered that domain, from what IP, who lives there, then pay them a nice visit

I also got this message but I ignored it.

@Eduard Stigna - any spoof emails can be forwarded to spoof(at)paypal.com you should include the full headers. I always do this.. but what happens from there is the big mistery? im assuming they have a team that might work or investigate the spoof email furthur, but who knows. Maybe my little forward to their spoof department might helps others down the road.

Ok, I dont know if people know about this or not, for every website be it facebook , paypal or anything, you can create a spoof login page if you know PHP. as well as an Index page.
create them and upload them to a file host!

and send the link via E-MAIL to any one..
if the person clicks on ur link and logs in, you will have there password in your PHP file...

Its called Phishing..

Thanks for sharing with all the details Fred.

Great advice.

Those are the ones that get you.
In a moment of weakness. Or you just made a paypal payment or ebay payment and you get the message that says your account has been suspended.
The spoof email seems very real and timely.
That's how I almost got fooled several years ago...almost.
You need to keep your guard up at all times!
These scams have been around for years and they will continue to be around.
You just have to be carful out there.
Thanks for the reminder.

Thanks for posting this. Yes scammers get pretty smart these days, I got fooled once thinking that I got a message from PayPal, but instead it was from a scammer. Good thing I emailed PayPal before doing anything where they told me that what I got is not from them

Thanks for the warning.

Thanks for the info. I always say to others when they get these messages. Check with pay pal direct first to see if they actually sent it. Log into your accounts to see for any notifications..