General discussion


Gone phishin'

By M_a_r_k
I got an email from PayPal today telling me that I need to update my account by providing a debit/check card account number. However, the email has a couple of misspelled words in the first paragraph. That made me suspicious at first. On further investigation, the email appears to be legitimate and the links it forwards you to appear to be to the real PayPal website. (Though I don't know how to tell for sure). I find it pretty incredible that a company like PayPal would misspell words in an official correspondence concerning a serious matter like financial accounts. Like I said, from what I can tell this does appear to be really from PayPal but I am leery because of the misspelled words. From what I know about phishing, misspelled words are a tipoff that something is amiss. With the clients I sometimes interact with in my job misspelled words on official documentation are a HUGE no-no, so I can pick them out at the blink of an eye. I am not going to be updating any account information with PayPal until I actually make a transaction using them (which is very rare). Maybe I'm being overly careful because I got one of my credit cards stolen a couple of days ago.

After all this, my questions are: 1) Do you know anyone who has fallen for a phishing scam? (Would you admit it if you have?) The phishers must be hoodwinking at least a few people because phishing is not abating. 2) How can you tell if you are being phished? I would think that a link to a "http" web page rather than a "https" web page would be a clue but that's not always the case. Phisherman can be pretty smart in building a clone web page.

FYI, below is the first paragraph of the email from PayPal. I have boldfaced the misspelled words ("attion" should be "attention" and "non existant" should be "nonexistent").

Dear valued PayPal member,

Due to recent fraudulent transactions, we have issued the following security requirements.
It has come to our attion that 98% of all fraudulent transactions are caused by members using stolen credit cards to purchase or sell non existant items. Thus we require our members to add a Debit/Check card to their billing records as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. Your Debit/Check card will only be used to identify you. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the PayPal service.






M_a_r_k -- DON'T REPLY - You ARE being phished! Don't Bite!

by maxwell edison In reply to Gone phishin'

PayPal, ebay, banks, credit card companies, and other such businesses will NEVER send an email requesting that kind of personal information -- never.

I'm an active ebay seller (and sometimes buyer), and I use PayPal a lot. I've seen these emails more times than I can count. I always report it to the appropriate department. or (I think these are the email addresses. If not, there's a link at the legitimate site.)

So, yes, you are being phished. There's no doubt about it.

Have I, personally, ever fallen for one?

Part of my job is to train the office staff on various IT issues and functions, and we have monthly meetings to facilitate the training. One of my regular subjects is to show the latest and greatest phishing schemes going around, and I oftentimes use the ones I receive as examples. It's really a fun exercise to do, as other people speak up about the different ones they've received. It's a great way to keep the issue in the front of everyone's mind. Keep driving the issue home, and people are less likely to fall for it.

I received an email not too long ago from the president of ebay telling me about a special seller's deal that was being planned. It had his picture and everything. It didn't ask for my banking and credit card information, as most phishing schemes do, but it did ask me to enter my ebay username and password at the other end of the provided link to sign-up for the special promotion. Well, considering that I took a dumb-a$$ pill with my coffee that morning, I signed up for the special deal.

About a week later, ebay promptly ended all of my active auctions and suspended my account. What the heck? I thought. They also sent me an email asking me to contact their live-help, and verify whether or not I did indeed list that 2003 Mazda for sale. (No, I had no Mazda for sale.) After I logged into that live-help session, the person on the other end said to wait for a phone call to verify that I was who I claimed to be. The ebay people actually called me at home to verify my authenticity! They determined that my ebay account had been compromised, I was told, and they cancelled all auctions and suspended my account as a precaution. They would not tell me, for security reasons, how they knew it was not really my Mazda for sale, but I don't really care. They did an OUTSTANDING job protecting me and a potential unsuspecting buyer, who would have undoubtedly been scammed out of some money, and who would then have come after ME for failing to deliver a car they paid for! (Only three hours from the time the bogus Mazda was listed to when they suspended my account! I was impressed.)

After months and months of warning other people about it, I got bit in the a$$ myself. I didn't lose anything, however, nor did anyone else, so I was lucky -- very lucky. All I had to do was change my ebay password and I was good to go. I actually changed ALL of my passwords that day --- my PayPal, my email, etc.

I have a very "humbling", but funny story for my next IT meeting. There's nothing like a real-life experience to REALLY drive home a point. (No pun intended - "drive home" a point ... Mazda ....)


Was asked to provide the info on their web site

by M_a_r_k In reply to M_a_r_k -- DON'T REPLY - ...

The email from PayPal did not ask to send the acct information via email. It had a link to what appears to be PayPal's web site, where you have to log in to access your own account. The problem there would be, if it is a spoofed PayPal site, they'll grab your acct name and password. However, in this case I think it was legit because they also provide a link (on the web page) where, if you forgot your password, they will reset it and send you the new randomly-generated one. A spoofer/phisher couldn't do that.

That's interesting how eBay detected so quickly that your account had been compromised. I wonder how they did it. Of course, they won't tell you. Something must have triggered a checks and balances alert within their software. I've never sold anything on eBay so I'm not familiar with what kinds of information they could do that on but they surely have to have some way to verify (as much as reasonably possible) that the real account holder is trying to sell something. I'm glad to hear they have such good controls. Their business relies heavily on security so I guess it shouldn't be surprising.

And yeah, you're right. Experience is the best teacher. It keeps us all humble. It's a great story to relate to your trainees. If the trainer can get fooled, anybody can.


Mark: Be careful

by neilb@uk In reply to Was asked to provide the ...

The whole point of "good" i.e. successful, phishing is that it looks just like the real thing - complete with "lost password" buttons and other good stuff.

Basic rule: Never, never use the link in the email. Always make your way to the site directly from your browser.

By the way, I have this rather splendid bridge on the Thames with a couple of nice towers. We sold its mate to Lake Havasu, Arizona but I'm taking offers on the one that they thought they were buying...


Put the bridge on ebay. . . .

by maxwell edison In reply to Mark: Be careful

You'll probably sell the damned thing!


OK, Max

by neilb@uk In reply to Put the bridge on ebay. . ...

Just peer-mail me your e-bay account name and password and we'll go halves on the profits.


M_a_r_k - Trust me, really IT IS A SPOOFED EMAIL

by maxwell edison In reply to Was asked to provide the ...

That IS a spoofed email. There's absolutely no question about it. The link provided in the email goes to a spoofed site.


If you want to verify that, go to the PayPal home page, through your normal Web access means, log into your account, and on the bottom of your account overview page is a link to the PayPal Security Center. Verify it with them before you do anything.

But whatever you do, don't trust the email and don't trust the links in the email - THEY'RE PHONY!


I never trust any unsolicited account-related email

by M_a_r_k In reply to M_a_r_k - Trust me, reall ...

When I do get an email like that, I never go through the acct update process via the email link. Like you guys said, I'll bypass their link and go directly to their web site myself. If any account update stuff really is required, there should be some indication from the site after you legitimately log on.


they can hide bad url

by Dr Dij In reply to Was asked to provide the ...

Either by extra-long or bogus chars, cross scripting, or by clicking on a link which is really a graphic and shows the ACTUAL URL at the bottom of the page only when you mouse over it. Some anti-phishing browsers/toolbars highlight this difference and tell you.

We had one spam get through for the same reason; it was a graphic instead of words in the email.


Another tip-off (actually TWO)

by maxwell edison In reply to Gone phishin'

PayPal, ebay, banks, and so on, have your real information on file. It's common practice to address you by name in any email, not just "dear valued member".

Also, whenever any request is made by them for your credit card or banking information, they will show you the last few digits of the number they already have on file. They even do this at their very own legitimate site.


Good point

by M_a_r_k In reply to Another tip-off (actually ...

about the nondirect salutation. But addressing each customer by name would require them to send individual "personalized" emails to every single customer. Might be tens of millions. Their emailer would be churning for days doing that. Sending one email in a mass distribution list is easier.

Sometimes you can tell by digging into the email header and finding the originator's email address. I've even had some dumb phishers where if you just start a reply email, the originator's email shows up directly in the reply address. If you get an email from PayPal but the reply address is something other than, be suspicious. This was something like (If it was something like, it'd be an obvious scam). Still could be a scam even if it's, though. You can't prove a negative.
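The tells traded in this thread (a Reply-To that does not match the From domain, a generic "Dear valued member" salutation, a link whose visible text is one URL but whose real target is another, plain-http login links, and hostnames that merely begin with the brand's name) can be checked mechanically before anyone clicks. The script below is an added example, not code from any of the posts above. Both messages in it are constructed for illustration, and every address and domain they contain is an assumption, not a real sender or phishing host.

```python
"""Heuristic triage of a raw e-mail for the phishing tells discussed above.

Added example, not code from the original thread.  Both messages below are
constructed for illustration; every address and domain in them is an
assumption, not a real sender or phishing host.
"""
from email import message_from_bytes, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

CLAIMED_DOMAIN = "paypal.com"   # assumed: the brand the mail claims to be from
GENERIC_SALUTATIONS = ("dear valued", "dear member", "dear customer", "dear user")


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _same_org(host, domain):
    """True only for the domain itself or a real subdomain of it, so a host
    like 'www.paypal.com.evil.example' is NOT treated as part of paypal.com."""
    return host == domain or host.endswith("." + domain)


def _addr_domain(header_value):
    """Domain part of the address in a From:/Reply-To: header ('' if absent)."""
    if not header_value:
        return ""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze(raw):
    """Return a list of (indicator, detail) tuples; an empty list means nothing fired."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []

    # From: is trivially forged, so the stronger tell is a Reply-To: that
    # points somewhere other than the From: domain (the header tip above).
    from_dom, reply_dom = _addr_domain(msg["From"]), _addr_domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to mismatch", f"From {from_dom}, Reply-To {reply_dom}"))
    if from_dom and not _same_org(from_dom, CLAIMED_DOMAIN):
        findings.append(("from domain", from_dom))

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if any(s in text.lower() for s in GENERIC_SALUTATIONS):
        findings.append(("generic salutation", "no customer name used"))

    collector = _LinkCollector()
    collector.feed(text)
    for href, label in collector.links:
        host = _host(href)
        if not _same_org(host, CLAIMED_DOMAIN):
            findings.append(("link host", f"{label!r} -> {host}"))
        if urlparse(href).scheme == "http":
            findings.append(("plain http link", href))
        # The mouse-over trick: the text LOOKS like a URL but the href differs.
        if label.startswith(("http://", "https://")) and _host(label) != host:
            findings.append(("displayed/actual url mismatch", f"{label} -> {href}"))
    return findings


# Constructed phish modelled on the message quoted in the thread (assumed domains).
SAMPLE = b"""From: PayPal <service@paypal.com>
Reply-To: verify@paypal-billing.example
To: member@example.net
Subject: Update your billing records
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear valued PayPal member,</p>
<p>Please visit <a href="http://www.paypal.com.account-update.example/login">https://www.paypal.com/cgi-bin/webscr</a> to renew your records.</p>
<p><a href="https://www.paypal.com/help">Help Center</a></p></body></html>
"""

# Constructed legitimate-looking message for comparison (assumed domains).
CLEAN = b"""From: PayPal <service@paypal.com>
To: member@example.net
Subject: Your receipt
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Mark,</p>
<p>View this transaction at <a href="https://www.paypal.com/activity">https://www.paypal.com/activity</a>.</p></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE), ("clean", CLEAN)):
        print(name, analyze(raw) or "no indicators")
```

None of these checks is proof on its own (a phisher can set a matching Reply-To, use https, and buy a look-alike domain), which is why the advice above to ignore the email's links and navigate to the site yourself still stands; the script only flags what deserves a second look.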
