cancel
Showing results for 
Search instead for 
Did you mean: 

PayPal Phishinig email warning

Eserim
Rising Star
Posts: 381
Thanks: 17
Registered: 01-08-2007

PayPal Phishinig email warning

For general info, I just got a PayPal phishing email notifying me (to one of the compromised email addresses, NOT the one i use for PayPal) that I had a payment panding, and a link to click on for details - I guess the link would have taken me to a site that would have stolen my PayPal login details.
The worrying thing is that Plus net Spam filters missed it AND Thuderbird Spam/phishing filters. So beware
Eserim
8 REPLIES
Community Veteran
Posts: 6,111
Thanks: 1
Registered: 05-04-2007

Re: PayPal Phishinig email warning

Indeed, I got two of them - Apple Mail's junk filter caught it nicely though, which I was quite surprised by actually as I thought it'd think it was just a 'real' PayPal e-mail. I also got mine to addresses which aren't held by PayPal, so that was an immediate warning sign. FWIW, the URLs in it point to this address: http://www.paypal.com.cmd-login.com/cgi-bin/.
Moderators note by James_H : Made url red and bold, changed from clickable link to prevent folks visiting it by accident.
Community Veteran
Posts: 3,668
Thanks: 409
Fixes: 5
Registered: 05-04-2007

Re: PayPal Phishinig email warning

I've had loads of them, and it's funny the different tricks they try to use. They've gone beyond just the 'details confirmation' or the 'we're doing a hardware/software update' routine. I've had phising e-mails warning about phising e-mails and asking people to log into a fake site (seriously). Even got an e-mail one asking to respond to the from address with details, those scammers get low marks for effort there - they didn't even try to bother setting up a fake site.
If hadn't deleted them at the time, I'd post the text they used.
Despite that, some can be more convincing than others. I've even mistaken legitimate contact for phising. I once spent over £1000 on my Egg credit card one morning (the joys of an annual Travelcard for commuting into London), and I got a robot calling my work phone saying they're from Egg and need to confirm a transaction. Then it asked me for my card number and other details to be entered over the phone keypad, at which point I hung up. I guessed that it was probably legit, given it occurred exactly after I signed a receipt for a four figure sum (and it's not often I do that!) but still was cautious.
Fair enough them wanting to confirm such as large amount, but it was a silly way of doing so IMO.
I sent them an on-line message confirming I had spent that amount of cash (not through choice though), and if they had wanted to confirm a transaction a human should have phoned me and why did it need my details as they'd already have them. Not that you can trust a human much more than a bot I suppose, but still. Even if they'd rather save money by using a bot, I don't know why it didn't just say "This is Egg, please could you phone us on x regarding a recent transaction", and of course I would have verified x was the actual contact number, and rung them. Still think it was silly for a bot to request personal information out of the blue, when of course it could have been anyone.
They just acknowledged it was legit (and no doubt ignored what I said about their policies I guess).
rpaco
Hooked
Posts: 8
Registered: 23-11-2007

Re: PayPal Phishinig email warning

It's very unlikely that any email from Paypal is wanted. I have never received one that was both genuine and imparted any real information. You must know if anyone was due to pay you for anything and would have checked on the site yourself.
I used to amuse myself by filling in fake details on the Phishing sites, but a lot of these are blocked now.
Community Veteran
Posts: 18,793
Thanks: 258
Registered: 12-08-2007

Re: PayPal Phishinig email warning


If you have any doubts about an email from PayPal just forward it to spoof@paypal.com and they will reply very quickly telling you if it is real or not.
Similarly, ebay queries can be sent to spoof@ebay.com
minkey
Grafter
Posts: 386
Registered: 22-07-2007

Re: PayPal Phishinig email warning

IIRC paypal always have your full name in their emails so you should always know if its from them or not.
Jeff
ohforf
Dabbler
Posts: 14
Registered: 30-10-2007

Re: PayPal Phishinig email warning

I just got one from paypal too, it also said in the footer that all genuine mail from paypal will always have your full name. Thing is it never had my full name lol. A very bad attempt.
Not applicable

Re: PayPal Phishinig email warning

@Alex - I've had the Egg robot in the past too!
My actions were not that different to yours, except I didn't bother sending them a message saying that I'd spent some money on my card - I just put one of my other credit card into my wallet instead - If Egg didn't want to let me use my card to spend money, I know Lloyds would be more than happy to have the business back. Wink
nadger
Rising Star
Posts: 4,498
Thanks: 46
Registered: 13-04-2007

Re: PayPal Phishinig email warning

Quote from: minkey
IIRC paypal always have your full name in their emails so you should always know if its from them or not.
Jeff

I've bought 3 small laptop accessories, on eBay,  in last week so their emails are to hand and I'd agree with you.
Only time I actually read their emails is payment confirmation and subject line makes this obvious.