Paypal Users Read This:

A couple of days ago I have recieved an email from Paypal, stating that your account hasn't been in use and would like to renew your account information, or else they will put it on suspension.

First of all, a company like that would NEVER ask for your information, especially by email. Second, I made changes for all PayPal email to be sent to my Inbox. This particular email ended up in my Junk Mail. So I took my chances and deleted it.

Tonight I got a call from my mother who had the same email, and SHE CLICKED THE LINK, but thank god nothing showed up. Because of this she called the Paypal Company herself and they claimed they did not send any emails like that.

You may have already gotten this email already, if you deleted it, good for you. As for the others, please be on the lookout.

In the General thread about GOM I saw that the person had stolen Paypal accounts. Could this email been the method of aquiring those accounts? It's scary...

Yes.

Never ever ever give out your email / password / username via email. If Paypal wanted you to update info, they'd email you a link to log in, and ask you from the paypal site.

You also can tell these are scams by the horrible grammar in most of these emails.

it is a method of getting the acounts, but the domain name isn't paypals. look closer at the email (though you might have to look at the routing info, sorry geek here).

actually this one was darn near perfect , but that's a good first hint. Just don't assume if it looks good it is good.

I would think everyone who has been on the internet for any length of time longer than 3 days would recognize phishing when they saw it.

Hey, who wants to come and visit Paypal?

http://www.paypаl.com/
http://www.paypal.com/

Click them both - and spot the difference?

Thank's for the heads up.

Hard to pick out, but the first one is actually...

"http://www.paypаl.com/"

Where the "а" gets converted to "Cyrillic Small Letter A"

Exactly. But zoom right in on an а (Cyrillic) and an a (Roman) next to one another, and there's no difference; they're exactly the same, pixel-for-pixel.

Try's to alt zoom.

Opera has a zoom in the corner of the screen.

Never click links in emails unless you are SURE they are from who they say. A close friend with personal information in the email, for example, or an order confirmation email from a web store you just bought something from a few minutes ago.

If you get an email from a company like Paypal that you think MIGHT be legit, but it's not a response to something you did, don't click the link. Go directly to the site as you normal would from a bookmark or by typing in its URL. After you log in normally, if there IS some information they need to get from you, it will ask you then. This is MUCH safer, and not that much of a bother IF you know enough. (I had to give my grandfather this same spiel the other day.)

On a related note, another point of safty is to turn off the automatic downloading of html-email images. Most of the modern email clients can do this. (Thunderbird for PC and Mail for Mac are the two I use.) With automatic image downloads on, a spammer can send out emails with unique image pathnames. Then when the email is opened, the mail client asks the spammer's server for that image, and the spammer then knows that the email address is valid and live. This increases the chances that they re-sell your address to other spammers. With images off, you can still view html emails from parties you trust with a button on the page.

Always look for a lock icon in the browser's window border when entering in passwords and credit card numbers too...

To quote the (immitation) Mad-Eye Moody: "CONSTANT VIGELLENCE!"

NO. Don't even follow links. They can easily disguise the target of a link with a little html wizardry.

Both were very convincing. I'm gonna throw buckets of cash at both, and later, I'm gonna go on a frozen lamppost tasting tour! I hear the ones at malls taste like chocolate!

Thanks for the demonstration, Charlotte. I've learned a lot about PayPal today through this and http://www.paypalsucks.com. I have also just closed my account.

Pseudo-banks with such a checkered history, exempt from normal banking regulation and under review by several states' attorneys general are not firms I want to have access to my accounts.

Ugh.

Hard to pick out, but the first one is actually...

"http://www.paypаl.com/"

Where the "а" gets converted to "Cyrillic Small Letter A"

Note: I had to delete my old post, and post a new reply because the editor removed the encodings.

Actually don't do that either.. there might be ways to obfuscate the URL in firefox and whatnot to make it LOOK like paypal login, but not really

Sites like this rarely ask for "resubmission" of critical account information; if they do, call them up for it.

LF

We had gotten a similar email supposedly from Paypal -

You can forward such emails to a Paypal Fraud address - which we did, to alert them another such scam was out there.

"They'd email you a link to log in" is horrible advice - it is a way that people are constantly scammed. The link in the email looks legit, but it is a spoofed site. If you receive an email from Paypal or your bank or any other financial site, type in the URL of the site yourself - do not click on any links in email to go to these sites.

Additionally, users of non-Microsoft browsers are vulnerable to a new type of spoofing attack that takes advanced of international character support in URLs to create a spoofed URL that looks completely legit, even in the address bar - but has a different character in it - so it will look like www.paypal.com but the a is a different character code.

Across the board, DO NOT CLICK ON ANY LINKS in email, even from sites you trust, if they are asking for any kind of account information - hell I just avoid clicking on links in email altogether and just go to the site directly. Phishing attacks have reached a level of incredible sophistication because they are very lucrative - even very savvy computer users can be fooled.

On a similar subject, but different case...

Any of you that uses Mozilla, have you recieved a pop-up when you first open the browser...a pop-up about giving this browser a certificate or something, I forget the details. But it says that giving it would prevent the browser going astray and all the passwords and cookies that you used wouldn't go into the wrong hands...

I got this about a couple of days ago, and I was suspicious, so I clicked "cancel" and deleted all my saved passwords and cookies on Mozillia. I re-opened and the message didn't popup again, but now I only use it for browsing, nothing important like money transactions and private information.

I just hope it's not another scam...