I got this e-mail today:


-----Original Message-----
From: service@paypal.com [mailto:service@paypaI.com]
Sent: Tuesday, October 19, 2004 8:42 PM
To: Liss, Thomas [NGD:2482:EXCH]
Subject: Paypal Secure Measure Warning Message


http://%6dy%31%39%38%32online.net/paypal/images/paypal_logo.gif (http://www.paypal.com/cgi-bin/webscr?cmd=_home)
Dear valued PayPal member:
It has come to our attention that your PayPal account information needs to be
updated as part of our continuing commitment to protect your account and to
reduce the instance of fraud on our website. If you could please take 5-10 minutes
out of your online experience and update your personal records you will not run into
any future problems with the online service.
However, failure to update your records will result in account suspension.
Please update your records on or before Oct 22 , 2004.
Once you have updated your account records, your PayPal session will not be
interrupted and will continue as normal.To update your PayPal records click on the following link:
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run (http://%6dy%31%39%38%32online.net/paypal/update.htm)

Thank You.
PayPal UPDATE TEAM

Accounts Management As outlined in our User Agreement, PayPal will
periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.
http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy- outside (http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy- outside)

Notice the return address service@paypaI.com (address....service@paypaI.com) (a capital I instead of lower-case L). I went in, put in my login and password, and when I got to the other screen I noticed it wanted social security number and bank numbers and all that kind of stuff. Then I noticed that the connection wasn't secured. I got out and went immediately to the real PayPal website and changed my password and notified them. If you have an account you will likely get an e-mail like this. Be careful.

Tom

Thanks Tom.

Yeah, I've gotten this email and similar ones before.

The best thing to do is just NEVER click a link in an email that has anything to do with money.

Just go directly to paypal.com or mybank.com or whatever and check your account.

The spammers are getting more and more sneaky. Be careful out there folks.

Tom hover your mouse over the top link and youll see its NOT paypal you are going to - theother thig to look at is the address line to see where the link took you

THis is what it shows when you hover over it
http://%6dy%31%39%38%32online.net/paypal/update.htm

and this is what the address line says

http://my1982online.net/paypal/update.htm

Is NOT a legit site ....

Not even a good try

Someone tell PayPal? They always says he wil never ask your info over Email.

I called and e-mailed them. They know now. Here is what they sent me back...

-----Original Message-----

From: spoof@paypal.com [mailto:spoof@paypal.com (spoof@paypal.com)]
Sent: Wednesday, October 20, 2004 7:53 AM
To: Liss, Thomas [NGD:2482:EXCH]
Subject: RE: Q510 - Thank you for your email to PayPal (KMM1904224V76730L0KM)

Dear Thomas Liss,

Thank you for contacting PayPal.

Thank you for bringing this suspicious email to our attention. We can
confirm that the email you received was not sent to you by PayPal. The
website linked to this email is not a registered URL authorized or used
by PayPal. We are currently investigating this incident fully. Please do not enter any personal or financial information into this website.

If you have surrendered any personal or financial information to this
fraudulent website, you should immediately log into your PayPal Account
and change your password and secret question and answer information. Any compromised financial information should be reported to the appropriate
parties.

If you notice any unauthorized activity associated with your PayPal
transaction history, please immediately report this to PayPal by
following the instructions below:

1. Log in to your account at https://www.paypal.com/ (https://www.paypal.com/) by entering
your email address and password into the Member Log In box
2. Click on the Security Center at the bottom of the page
3. Click on 'Report a Problem'
4. Select the Topic: Report Fraud
5. Select the Subtopic: Unauthorized use of my PayPal Account
6. Enter your question in the 'Summarize your question in one
sentence' box
7. Click Continue
8. Follow the instructions to access the appropriate form

If you have any further questions, please feel free to contact us again.

Sincerely,

PayPal Account Review Department

************************************************** **********************
This email is sent to you by the contracting entity to your User Agreement,
either PayPal Inc or PayPal (Europe) Limited. PayPal(Europe) Limited is
authorized and regulated by the Financial Services Authority in the UK
as an electronic money institution.
************************************************** *********************
PayPal and its representatives will NEVER ask you to reveal your
password. There are NO EXCEPTIONS to this policy. If anyone claiming to
work for PayPal asks for your password under any circumstances, by email or by phone, please refuse and immediately contact us via webform at
https://www.paypal.com/wf/f=sa_pass (https://www.paypal.com/wf/f=sa_pass).

************************************************** *********************

Tom

Pretty common. I get well crafted emails purporting to be from Citibank, Paypal, Ebay, Household Bank all the time, all pointing to temporary, bullshit websites...

Gotta admire the effort they're going to...

I had a bunch of money stolen out of my paypal account about 6 months ago.

I was using the same password for my email and paypal accounts and somehow they sniped my email password and tried it on paypal the next time I signed in. They cleaned out my account, luckily paypal put the money back within a week since it was a fradulant transaction.

Now I never use the same password for anything. Almost learned that lesson the really hard way. :hammer:

Welcome to the world of "Social Engineering"... :( And you got pwnt. Don't feel too badly; I got nailed by a fake Yahoo S-E linkjust last week, thanks goodness I caught it as quick as you did.