Thieves Use PayPal
Wednesday, 11. February 2009, 09:28:23
A providential and interesting follow-up to my previous post...
I was over at a friend's apartment yesterday to move around her computer and furniture. She asked me about a couple of things that came up recently on her internet and in her mailbox. I fixed the internet thing but this was a very interesting notice in her e-mails:
What is very interesting is that this elderly lady's first question to me was, “What's PayPal?” My “scam antennae” shot up right away! She had been the victim of a hoax virus e-card last year and it took me 2 days to root out all the spyware & trojans (I couldn't simply reformat the hard drive since she didn't have reinstallation software). Thankfully, she now asks me about anything that looks suspicious—like this. I was actually excited to see this in light of Lovinmalamutes' daughter's trouble with PayPal.
First thing to note with this phishing e-mail scam is this: the notice is too plain. Secondly, there is no copyright information about PayPal. Thirdly, the request is to log onto PayPal – once your login information is given away via a false front, you're done! The thieves have full access to personal and banking or credit card information—and they harvest this information in less than 5 minutes. But let's look at something else:
Right-clicking on the sender's e-mail and selecting 'Properties' reveals the fact that whoever sent it is not associated with PayPal at all! I did a quick Google search and found out that “tools.ca” is a domain for an accounting software firm, not having anything to do with PayPal. I didn't even want to click the link in the e-mail to see where it went or if it might install spyware on her computer. After taking these screen captures, it was promptly deleted. It's worth mentioning here again, that if anyone receives a notice like this from PayPal, Ebay, or their banking institution, promptly call that company and ask their customer service department if a notice was sent (any type of security update or validation should be done directly over the phone or in person). If not, they will ask you to send it to their fraud department.
The threat is real...be careful out there.
I was over at a friend's apartment yesterday to move around her computer and furniture. She asked me about a couple of things that came up recently on her internet and in her mailbox. I fixed the internet thing but this was a very interesting notice in her e-mails:
What is very interesting is that this elderly lady's first question to me was, “What's PayPal?” My “scam antennae” shot up right away! She had been the victim of a hoax virus e-card last year and it took me 2 days to root out all the spyware & trojans (I couldn't simply reformat the hard drive since she didn't have reinstallation software). Thankfully, she now asks me about anything that looks suspicious—like this. I was actually excited to see this in light of Lovinmalamutes' daughter's trouble with PayPal.
First thing to note with this phishing e-mail scam is this: the notice is too plain. Secondly, there is no copyright information about PayPal. Thirdly, the request is to log onto PayPal – once your login information is given away via a false front, you're done! The thieves have full access to personal and banking or credit card information—and they harvest this information in less than 5 minutes. But let's look at something else:
Right-clicking on the sender's e-mail and selecting 'Properties' reveals the fact that whoever sent it is not associated with PayPal at all! I did a quick Google search and found out that “tools.ca” is a domain for an accounting software firm, not having anything to do with PayPal. I didn't even want to click the link in the e-mail to see where it went or if it might install spyware on her computer. After taking these screen captures, it was promptly deleted. It's worth mentioning here again, that if anyone receives a notice like this from PayPal, Ebay, or their banking institution, promptly call that company and ask their customer service department if a notice was sent (any type of security update or validation should be done directly over the phone or in person). If not, they will ask you to send it to their fraud department.
The threat is real...be careful out there.
WIDGETIZE