| PT Info | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
We Visit    
|
|
PayPal Scam - This one can cost you thousands!
Submitted by: John Vaccaro
If you have used eBay or PayPal to purchase items on-line, this may affect you. Please read this announcement carefully. If you have used eBay, chances are you have a PayPal account.
Recently, I received an email notice from security@PayPal.com (on my business email account) asking me to update my account information. I received a second one this morning asking for the same thing. I do not have a personal account with PayPal or their parent company, eBay, so why would they ask me to update an account I do not have? After further investigation of this email, I realized that this was a scam to get people to divulge their personal financial information. This information can be used to create counterfeit credit cards and checks and to make purchases on-line. This information (or counterfeit items) is then sold on the black market once they have obtained all the information you give them.
The email I received was very well done and looked exactly like an email that one would receive from PayPal. However, giving it a closer look set off some flags that made me suspect a scam. This is what the email you are sent will look like.
){kind=small}
Photos is too large to fit on this page.
The first flag that went up is in the second sentence of the second paragraph. The writer states in the first paragraph that the account will be terminated in 24 hours if you do not send in this information. This is a time frame that they use so that they can scam as many people as they can, then shut down the web site so it makes it more difficult to be traced. Since I have a business account with PayPal, I know that under the Terms of Contract (TOC) any violation would automatically cancel my account. The writer of the email repeated this again in the second sentence. And if the account is terminated (as per the first paragraph), there would be no need to concern yourself with TOC violations or future billing problems. The second flag was with the gratitude line and the senders name. Having my own business and dealing with thousands of correspondences, I have never seen anyone that is in a business in this country (or anywheres else for that matter) end a gratitude line with an exclamation mark (a comma is always used). Also, I have never seen the name Mary spelled Marry. There is also a comma after the name which is improper use of the comma unless the title is placed on the same line. This was a flag that the sender did not understand English punctuation and grammer. What corporate executive or secretary do you know that would not know this?
Having noticed this, I went to the link that the email took me to. For anyone with a PayPal or other online account, you should know that you must log-in to your account before doing anything with it. This link took me directly to an official looking, and very well done page, that required no log-in and had all of the fields to fill out readily displayed. The information included social security numbers, checking account information, credit card information and other information that would be asked of you for verification and validation of the account. Besides the obvious, there were more flags on this page as well.
){kind=small}
Photo is too large to fit on this page.
Notice that the message states "the data is protected by the industry standard SSL encryption." Two things about SSL (Secure Socket Layer) sites; 1) they all require a log-in which is one reason they are secure, 2) none of them use http:// but rather https:// (the s is for secure). Now look at the IP address further. It has a static IP of 211.34.252.132. PayPal User Accounts start with https://www.paypal.com/ plus whatever follows.
Now that I was convinced that this is a scam to get your checking account and credit card information, I ran a web sniffer (NeoTrace from NeoWorx) on the IP address. Not to my surprise, I found that it originates from Seoul, Korea. If you have received an email from security@paypal.com and you filled out the information, please call your credit card company and stop any charges on the account you gave them and call your bank and stop any ATM or non-check transactions.
This one could cost you thousands of dollars and a real nightmare to correct.
