Posted by: Donna Cunningham | April 19, 2011

Fraud Alert for PayPal Users–Fake Account Statements sent by Identity Thieves

It is one of the ongoing missions of this blog to alert readers to dangerous scams by identity thieves.  This one ALMOST got me, because it came in two stages, one last week and one today.  It purported to be from PayPal, the first one saying they’d be in touch soon to help me set up an email based monthly account information report.  Okay, I thought, but I don’t like doing banking online as it’s too vulnerable to hacking.

Then today, I got the second announcement, looking for all the world like an authentic PayPal communication, because they had copied PayPal’s graphics–easy enough, as anyone can do it with a simple right click.  It contained several links that I was to click on to set up the account statement mailings.  I ALMOST  bit because it looked so real.  Have a look at this screen shot:  

I ALMOST did what it asked because it looked so real and because the earlier email had said to expect it this week.   But every time my house hovered over those links, I kept remembering that PayPal’s security center explicity had warned long ago NEVER EVER to click on an email link and give out any information, but instead to click the email off and to go directly to my account and sign in.

 (PayPal is a safe, reputable company and works hard to keep members from falling for frauds like these.)

So I went to the site directly,  wrote to their fraud division, and got back the following email:

Dear  Donna Cunningham,

Thanks for forwarding that suspicious-looking email. You’re right – it
was a phishing attempt, and we’re working on stopping the fraud. By
reporting the problem, you’ve made a difference!

Identity thieves try to trick you into revealing your password or other
personal information through phishing emails and fake websites. To learn
more about online safety, click “Security Center” on any PayPal webpage.

Every email counts. When you forward suspicious-looking emails to
spoof@paypal.com, you help keep yourself and others safe from identity
theft.

Your account security is very important to us, so we appreciate your
extra effort.

Thanks,

PayPal

Note for more scams to beware of, see the posts in this category:  FRAUD ALERT

About these ads

Responses

  1. Good for you, Donna! Strangely enough, we got a scam email at my place of employment asking people to divulge personal information. Must be a hot time for scams. Everyone beware.

  2. the scammers are getting more clever every day. Thank you for posting this.

  3. Thank you for posting this, Donna. It’s exactly one of the emails I received. Like you, I was tempted to click, but accessed my account directly; although I was mystified by the “enhanced statement” claim. And honestly, I don’t think I need my statement to be enhanced. So, I just let it go (Mercury is retrograde). But thanks to your post, it’s been exposed and I’ve forwarded it to the “spoof” address. (The moon in Sagittarius is trining Uranus this morning and the sun just went into Taurus.)

  4. Thanks Donna. This email looks real enough to fool even the most sophisticated internet/web savvy person.

    What has helped me all these years in avoiding scams like the one you just initiated is a simple rule of thumb: If I did not initiate the email, request, etc…I just simply delete the suspicious email without opening.

    Works beautifully…

  5. Thanks for the warning, Donna. I could not believe how legit this looked! they are getting slicker by the minute, it seems. So glad you didn’t fall for it.

  6. I also received that email and another one offering me $10.00, thank you I forward them to the spoof@paypal.com web that you said. Thank you. There have been some emails sent to my contacts with just a link in it that I did not send.

  7. Thanks for posting this Donna. I actually fell for it. It looked so official. I’ve contacted PayPal and I just changed my password do hopefully all will be well.
    Thanks again.

  8. I got one of those, too. It looked very real, but I’m not in the habit of clicking on links inside an email to update my personal information – especially for anything finance-related. This seemed like a kind of a red-tinted flag. I went to my PayPal account and searched on “enhanced Account Statement,” where I discovered this was a phishing ploy. I hate to think what might have happened if I’d clicked on that link in the email!

  9. Thanks Donna!
    Here in South Africa we are bombarded with these phishing emails for our local banks – even the ones we don’t bank at!!
    Thanks for alerting us to the paypal attempt.

  10. Holy crap – I got one too! Thanks much Donna; like Margaret, I rarely open unless I HAVE to.

  11. Donna et al: Some ways you can identify those phishing emails:
    Do the links have https?
    Is the spelling correct? Many times the emails will have, on close inspection, misspellings, reversed letters, things added or left out of original urls,etc.
    Also, you can hover your cursor over the link, without clicking through it, to see where it actually leads! The emailer may have put the url in like it is supposed to look in your email and then misdirected it in the actual email link area.
    Run your email as a full header, which shows the senders id information.
    Check with the actual site that purports to be sending the email. MOST legitimate sites will never ask you for such information in an email, nor will they send links to click through about sensitive/confidential personal information. They will either/or send through the mail information and/or request that you go to their site and sign in that way. Such sites usually have sign-in seals and verifying questions to ask before you sign in. A phishing/spoofing site will not.

    • Great tips, Meloh, thanks! Yeah, misspelled words or poor grammar are a real give away of a scammer/spammer. Donna

  12. thank you, ma’am!! got this just in time :)


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

Follow

Get every new post delivered to your Inbox.

Join 736 other followers

%d bloggers like this: