Monday, June 13, 2011

Pay Pal Scam

I find I'm often writing about these types of scams over and over so I thought I'd write something I could refer to later.

It's very common to the point of passe' to get Pay Pal scams in email.  They're actually getting less common as they are kinda patently obvious, and people are getting wiser these days and scammers seem to have moved on to Facebook viruses and breaking into Yahoo accounts.  That said, there are always the Junior Scammers who are just getting their fingers going.

So in email, I receive something from allegedly from Pay Pal with the Subject line "Update your account"

Warning Notification

Dear PayPal Member,
It has come to our attention that your PayPal® account information needs to be  updated as part of our continuing commitment to protect your account and to  reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.
However, failure to update your records will result in account suspension.  Please update your records before June, 30, 2011.
Once you have updated your account records, your PayPal® account activity will not be interrupted and will continue as normal.
Click here to update your PayPal account information [link removed]


Now first of all Pay Pal says they NEVER send this sort of request, but that's not the only thing.
Key elements of a scam are:
  • Vague "Dear Pay Pal Customer
  • Ominous tone "Warning" "Account Suspension" "problems"
  • Sense of urgency - you need to act now
  • Some drivel about "protecting your account" for which their feet should be held to the fire for an extended period of time
One thing way that you know Pay Pal or your bank is really who they say who they are is that they address you by your name.  When that is missing, with a bit of practice it's absence really sticks out.
Then the ominous tone becomes a joke.  If you're not sure about something then try doing nothing and see what happens.  If there's really a problem you'll get more email or even a phone call.

Then in these scams there is usually (almost always) a link for you to click on.  The link may say "PayPal," but it's actually going somewhere else.  You can try this link:  PayPal
After you click on it, come back and just hover the mouse over it.  You will see nowhereinparticular.com, which I assure you has nothing to do with PayPal.

So when you get one of these emails if it's not plainly obvious it's a scam, you can hover your mouse over the link to verify that it's not PayPal, though you have to be careful.  Bad guys sometimes name things paypal.badsite.com, which is just them naming one of their hosts "paypal."  The "paypal" has to be right before the ".com/" for it to be legit.

1 comment:

Jeff P. said...

If you had Hotmail you would be used to seeing these almost daily from "The Hotmail Team." Urgent - your account is scheduled to be disabled unless you immediately send us your id, password, ssn, birth date, first born... I sometimes look ...at my inbox and see 5 or 6 emails from different people I've never heard of with exactly the same subject line and wonder how they could possibly think I'd be fooled into believing one of them was legit.