July 9, 2009
An email came in this morning that warned me of my PayPal information being in error and needed to be fixed within 24 hours. Luckily it went to my junk mail folder but just in case it didn’t for others, this is clearly a phishing attack – it was not sent by PayPal and if you click on the link they provide to update your information, it would go to a nefarious website, http://220.127.116.11/manual/mod/mod_python/.cgi-bi… PLEASE don’t go there, I’m just showing that it isn’t a PayPal website URL at all. I cut off the end of the URL as well to avoid any accidental clicks.
The subject of the email was: You have 24 hours to confirm your PayPal personal information
Then it reads:
Dear PayPal member,
This e-mail was sent to you because we have detected an error in your billing information during our regular schedule account maintenance and verification. This might be due to either following reasons:
* A recent change in your personal information (i.e. change of address).
* Submitting invalid information during the initial sign up process.
* An inability to accurately verify your selected option of payment due an internal error with our processors.
You have 24 hours to click the link below and confirm your PayPal personal information, otherwise your ATM Debit / Credit Card access will become restricted:
May 8, 2009
For anyone with Telus.net email accounts out there – beware of an email phishing attack that you might get. The one I received had the subject line: WEBMAIL ACCOUNT and then proceeded to say that Telus is upgrading their database and require account holders to confirm their email identity.
DO NOT RESPOND TO THIS EMAIL – JUST DELETE!
The From: email address is: email@example.com so it is not from Telus as the tricksters want you to believe.
Visit this site: Fraud Watch International for information on how to protect yourself and receive detailed information on what you should do.
March 24, 2009
It’s such a shame because PayPal is such a great service and emails like these cause people to think that PayPal is the offender but in reality, they are the victims of someone stealing their identity and using it to glean private information from unsuspecting people that get these kinds of emails in their in box.
It all looks legit enough, but upon looking at the source code, these emails are NOT coming from PayPal at all – if you get an email like the one below – DO NOT CLICK ON THE LINK! It’s a phishing message meant to capture your personal data. Just delete!
Here’s the first part of the email:
Secure Your PayPal Account!
Dear PayPal ® Customer,
While performing it’s regular scheduled monthly billing address check our system found incompatible information which seams to be no longer the same with your current credit card information that we have on file. If you changed your billing information or if you moved from you previous address please follow up the link bellow and update your billing information: If you didn’t change any of this information you still need to follow up the previous link and update your existing billing information because it means that our database regular scheduled update wasn’t made correctly. Choosing to ignore this message will result in to a temporary suspension of your account within 24 hours, until you will choose to solve this unpleasant situation. We apologies for any inconvinience this may caused you and we strongly advise you to update your information you have on file with us. To secure your PayPal account please visit the link below:
Always be cautious and suspicious of such emails – no matter who it is from. The subject line often looks official and important so if in doubt, contact the company the email was supposed to be from or check with your web developer and avoid getting attacked.
February 24, 2009
I just got this in my in-box. It looks legit enough – has the Hallmark logo and a nice invite to click on the link and view the “someone who cares about me” postcard they sent.
I was immediately suspicious for a few reasons – first it doesn’t have an email address of the person sending it to me. The legit ones always say either the email address or the name of the sender. Second, it looked too plain and not the usual stylings of Hallmark.
Sure enough, I checked the source code and it’s a Trojan attack. Had I clicked on the link to view the card, my computer would have installed a Trojan Horse to do whatever malicious intent it was meant to do.
Read more about it here. Whatever you do, don’t click on the link of anything in an email you receive unless you know the person. Here’s what the full email said:
Hello there. You’ve got a postcard from someone who cares for you.
In order to downoad your postcard, click on the link below:
http://www.hallmark.com/postcards/client72637541 (this did not link to the hallmark site, instead it was an EXE file that would have installed a trojan on my computer)
Thank you for using Hallmark services.
February 17, 2009
I just received another Phishing email supposedly coming from PayPal. The subject line reads: Important Information Regarding Your Account !
If you receive a similar email, delete it and forget about it – it’s a “phishing” attack where some nefarious character is trying to get you to divulge your personal information by clicking on the links provided. Please don’t! No legitimate company will ask you to do this – especially PayPal or a bank.
On this particular email, the “reply” email address is: firstname.lastname@example.org – which is definitely not PayPal!
December 20, 2008
Alert: If you receive an email from PayPal with the subject line: Update Your Information, do NOT click on the link – it is a phishing attack meant to steal your personal information.
(Quoting PayPal) What is Phishing?
Phishing is a form of fraud designed to steal your identity. It works by using false pretenses to get you to disclose sensitive personal information, such as credit and debit card numbers, account passwords, or Social Security numbers.
What do you do?
PayPal wants to know when these types of emails are being sent out. You can forward the offending email to: email@example.com and then delete the email. Do NOT click on any links within the email.
For more information and details on similar phishing attacks, read The Phishing Guide from the PayPal site.
Always be wary of ANY email that asks you to click a link and enter in personal information – even if it looks official, the odds are great that it is not legit. Be safe and ask your webmaster or go to the official website of the company the email is representing to find out if it is legit or not.
It’s an unethical Scam!
If you receive a letter in the mail from ‘Domain Registry of Canada’ asking you to renew/transfer your .CA domain name it is probably NOT legit! Yes, they are a legit domain registrar but they feed off of unsuspecting people by sending very official looking letters through the mail and making it look like your domain name is registered through them, indicating it is time to renew.
Domain names are rarely renewed via regular mail and usually done via email. If you receive a renewal notice from anyone named: Domain Registry of Canada, double check who your domain registrar is before sending any money. You can do this by either contacting your Web Master or checking a Whois database. The odds are good that you do not have a domain registered with them and if you do, I highly recommend you don’t partake in their unethical, albeit legal, practices.