Paypal Scam

Got a Paypal scam e-mail tonight. I have to admit, it was a nice effort. It included several warnings to check the URL in your browser’s address bar, and looked very authentic and believable, except for this bit (emphasis mine):

You will be guided through a series of steps which will require you to enter personal information, such as credit card number and/or bank details.

Of course, I’m always extremely skeptical and cautious about such things, and even without the very fishy line above, I was suspicious. By using Mail.app’s View Raw Headers option I was able to look at the HTML source. All of the images were linked from the real Paypal site, and all of the links (privacy policy, Paypal security center, update mail prefs) were valid Paypal links… except for the payload (“You MUST click the link below…”) URL, which used the %00 password-in-url hack that affects IE users who aren’t patched up to date.

At any rate, I poked around the Paypal site for a few minutes, and found an address where you can forward such emails to help Paypal research them. The address is spoof@paypal.com. If you get any of this crap, take a moment to forward it along, especially if it slips past your spam filter (as it did mine). I was impressed when five minutes later, I received an email from Paypal (probably auto-generated, but still) that included a quoted copy of what I’d sent them, along with thanks and an assurance that it was a spoof. My only suggestion is that they make this information more prominent, such as a homepage “Need to know if a Paypal email is authentic?” link.
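The giveaways described here are easy to check mechanically: a `%00` null byte in the link, a look-alike hostname sitting in the userinfo part before `@` (so the real host is whatever follows it), and a bare IP address instead of a DNS name, which is the tell the comment below mentions. The following is an added example, not code from the original post; the sample links, the IP address and the paths are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

# Constructed sample hrefs modelled on the mail described in the post: genuine
# PayPal links for the "extras", plus a payload link built with the
# "hostname%00@real-host" trick. The IP address and paths are placeholders.
SAMPLE_LINKS = [
    "https://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside",
    "https://www.paypal.com/cgi-bin/webscr?cmd=_security-center",
    "http://www.paypal.com%00@203.0.113.7/cgi-bin/webscr.php",  # constructed spoof
    "http://203.0.113.7/cgi-bin/webscr.php",                    # constructed, bare IP
]

def is_ip_literal(host):
    """True if host is a bare IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def spoof_indicators(url, expected_domain="paypal.com"):
    """Return the reasons a link looks like an address-bar spoof (empty = clean)."""
    reasons = []
    parts = urlsplit(url)
    real_host = parts.hostname or ""
    # 1. A null byte truncated the address-bar display in unpatched IE, so the
    #    user only saw what came before the %00.
    if "%00" in url.lower() or "\x00" in unquote(url):
        reasons.append("null byte (%00) in URL")
    # 2. Anything before '@' in the authority is userinfo, not the host; a
    #    look-alike hostname placed there is the classic disguise.
    if parts.username is not None:
        shown = unquote(parts.username).rstrip("\x00")
        reasons.append(f"userinfo '{shown}' hides the real host '{real_host}'")
    # 3. A bare IP address instead of a DNS name.
    if is_ip_literal(real_host):
        reasons.append(f"bare IP address host {real_host}")
    # 4. The real host is neither the brand's domain nor a subdomain of it.
    if real_host != expected_domain and not real_host.endswith("." + expected_domain):
        reasons.append(f"host '{real_host}' is not under {expected_domain}")
    return reasons

def classify_links(links, expected_domain="paypal.com"):
    """Map each link to its indicator list; clean links map to []."""
    return {u: spoof_indicators(u, expected_domain) for u in links}

if __name__ == "__main__":
    for url, reasons in classify_links(SAMPLE_LINKS).items():
        print("SPOOF" if reasons else "ok   ", url, reasons)
```

Run it over the hrefs pulled from a suspect message and only the payload link should come back with indicators; the genuine privacy-policy and security-center links come back clean.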


One Response to “Paypal Scam”

  1. chornbe Says:

    Yeah, just got one of them… similar anyway… a few moments ago. It was informing me that “I” had apparently requested a new email address be added to my Paypal account. Being likewise skeptical, I never open Paypal.com from any links. I always type it in. So, I immediately hopped on, changed my password and ensured that the email address in question was not present in my profile (it wasn’t). I took a moment to look further in the email and found as you did that all the “extras” on the page were genuine Paypal requests (images, secondary links, etc) and that the link used to “confirm this request…” was to an IP address rather than a DNS named paypal page.

    Yeah, I’ll get right on that! The IP address, if I cared to check, was no doubt in some “developing nation” waiting to snatch up my good ol’ US green.

    Thanks but no thanks.
