I just got fooled by a fake Paypal email

by DanTheMan 23 Replies latest jw friends

  • DanTheMan
    DanTheMan

    I just got an email that stated that another email address had been authorized to my Paypal account, and that if this was not correct, to click the link below.

    So (big mistake) I clicked the link. I get a phony but convincing looking "Paypal" page saying that the page had been removed, and to click the link below to go to the home page.

    So I clicked that link. My address bar says www.paypal.com/someotherstuff, so I think I'm good to go here. I log in, and then it takes me to a page where I am asked to give my credit card number as a "security measure". I enter it. It prompts me for my 3-digit code thingy from the back of my card. I enter it.

    Then I start to thinking that this is all a little fishy. DUH, YA THINK?? I noticed that the address bar looked a little funny, and I discovered that somehow, the webpage was masking my actual address bar with a phony one over the top of it that made it look like I was really on Paypal, when in actuality I was on www.xyz123.com or something like that. I could still see the very bottom of my real address bar, but by this time I had given them everything but my freakin' social security number and mother's maiden name.

    Christ, I can't believe I fell for that shit, I don't know why it took me so long to figure out I was being scammed, normally I never even would have taken the first step of clicking on the link to get to the site, I would have just opened up a browser window and gone directly to the site by entering it into the address bar.

    So (finally) I went to the real Paypal, changed my password, all that jazz. I called my credit card company and shut down my account, they said there was no activity on it today. So I think I'm safe. But feeling like a royal dumbass.

  • Satanus
    Satanus

    That was sharp of you to notice so quickly that it was fake. Those *&^%ing bastards.

    S

  • Big Dog
    Big Dog

    I hate that stuff worse than anything. Every day I get bombarded by all this official looking spam, from banks, credit card companies, etc. telling me that my account is whacked or whatever and I need to fix it. Most of the time when all I do is highlight the offending spam in Outlook my virus protection tells me it just saved my butt and I didn't even open the email, just moved the cursor to it in Outlook.

    I will say that the hackers, whackers and whatever that come up with these scams in lieu of working are the lowest form of subhuman gristle, lower than toilet bugs, lower than anything I can think of, 15 minutes alone with one of these creeps would make my year.

  • TD
    TD

    Paypal always uses your first and last name in any correspondence --- never "Dear Valued Customer," "Dear Paypal Customer" or other such B.S.

    (Sorry, after-the-fact advice doesn't help much....couldn't resist)

  • DanTheMan
    DanTheMan

    Eh, I guess I shouldn't feel too bad, a lot of people get fooled by this stuff. Lesson learned, fairly painlessly.

    I wonder if I should even use that email anymore for Paypal though, now that the scammers at least know that I have an account there.

  • Lady Lee
    Lady Lee

    I hope you reported it to Paypal. I know somewhere on their site they have a link to report these scammers.

  • Es
    Es

    What a bugger

    es

  • DanTheMan
    DanTheMan

    I just forwarded the email to spoof@Paypal.

    Here's the link that was in my email (DON'T CLICK!)

    https://www.paypal.com/us/wf/f=ap_email

    Looks legit, right? But notice how when you hover over it, the web address that shows up on the bottom left-hand portion of your web-browser window is not paypal, but something else.

  • Been there
    Been there

    Thanks for the warning Dan.

    Don't beat yourself up too bad. They work hard at trying to fool people. You were smart to catch it. I wouldn't have.

  • Ingenuous
    Ingenuous

    Dan, you did well in your follow-up. It would be a good idea to change your email password - actually, the best thing would be to go to another machine and change all your vital stats again from there. You need to scan the original box (the one you were on when you followed the link) for viruses, trojans, key loggers, etc. A lot of phishing emails are designed to download malware the second you click on a link, whether or not you enter personal info. If you don't have access to another machine and you scan your box and find malware, you'll need to change all your vitals again after your box is clean - you don't know what info was logged and sent back to the person originating the email.

    URLs can look legit and be anything but. It's common practice now for hackers to create an address that looks legitimate but uses letters from a language other than English. For example: wwwdotebaydotcom looks like the eBay address in English, but may have been created using letters from another language that look like the English letters. The code for the foreign letters is different from the code for the English letters, so the address is unique and owned by someone other than eBay. The text displayed in a message can also be faked pretty easily via HTML.

    Another tip: Whenever you're going to a site like PayPal or eBay and need to log in or make changes to personal information, always open up a new browser window and enter the address by hand. It doesn't matter whether the email is legitimate or not - don't click on any links in any email. (eBay is famous for telling users not to click links in emails to get to their pages, then sending legitimate emails with links in them.) This is one way to minimize the chances of your browser being hijacked to send you to a look-alike. Anything you supposedly need to do from a link can be done by logging in to the site directly if it is legitimate. eBay has attempted to get around the problem of fake emails by giving everyone an eBay mailbox, but I've received phishing attempts there as well.

    For all its faults, eBay has a pretty decent intro on protecting your identity and ferreting out spoofs - though I wouldn't trust their recommendations for verifying an eBay address, as all of their examples can be faked.
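
Added example (not part of any post in this thread): a small Python check for the two tricks described above, a link whose visible text names one host while its `href` points to another, and a hostname containing look-alike letters from a non-Latin script. The names `host_of`, `scripts`, `LinkAudit` and `audit` are hypothetical, the `.example` hosts in the sample are constructed placeholders, and both checks are heuristics that flag a link for review rather than prove it malicious.

```python
import re
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    """Lowercase hostname if text looks like a URL or bare domain, else None."""
    text = text.strip()
    if not re.match(r"(https?://)?[^\s/]+\.[^\s/]+", text, re.I):
        return None
    return urlsplit(text if "://" in text else "http://" + text).hostname

def scripts(host):
    """Unicode scripts of the letters in host, decoding punycode (xn--) labels."""
    labels = [lab[4:].encode().decode("punycode")
              if lab.startswith("xn--") and lab.isascii() else lab for lab in host.split(".")]
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in "".join(labels) if c.isalpha()}

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, real, reasons = host_of("".join(self.text)), host_of(self.href), []
            # Visible text that is itself a URL should name the host the link goes to.
            if shown and real and shown != real:
                reasons.append(f"text shows {shown} but link goes to {real}")
            # Letters outside the Latin script in the real host suggest a look-alike name.
            if real and scripts(real) - {"LATIN"}:
                reasons.append(f"{real} has non-Latin letters")
            if reasons:
                self.findings.append((self.href, reasons))
            self.href = None

def audit(html):
    """Return a list of (href, reasons) for the suspicious links in an HTML body."""
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings

SAMPLE = (  # constructed message body; the .example hosts are placeholders
    '<a href="http://www.xyz123.example/login">https://www.paypal.com/us/wf/f=ap_email</a>'
    '<a href="https://www.paypal.com/">PayPal home</a>'
    '<a href="http://www.eb\u0430y.example/">Sign in to eBay</a>'  # \u0430 is Cyrillic "a"
)
```

`audit(SAMPLE)` reports the first and third links and leaves the genuine PayPal link alone.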
