Well, I've always thought that you could automatically identify a fake PayPal email by the fact that they didn't include your name (they were always addressed to "you@youremail.com" or "Dear Paypal customer", etc. Well, now they've gotten a bit more clever - somehow they have found out my real name and used it in the scam email. I'm guessing that at some point I either bought something from somebody or received payment from somebody and they gave my name and email to these scammers (I buy lots of stuff (LED's) from Hong Kong, so that's likely it).
There are still ways to identify the scam (the first being that if you really did buy something you'd know about it). One way is that the only actual text in the email is the "Dear Carmen Burrows" bit - the rest of the email is an image, so if you use Outlook and have it set to not display remote images you'll only see your name. As always, you can also tell by hovering your mouse over the link and looking in the lower left corner of the screen to see where that link actually takes you. Finally, and most importantly, you can protect yourself by NEVER CLICKING ON A LINK IN AN EMAIL. If you think somebody has diddled with your eBay or PayPal account, close your email, open up a browser window, and go to your account by manually typing it in. If the "purchase" described in the fake email is not there, then you obviously don't have a problem.
A screen shot of the latest (and cleverest) spoof:
Upon looking at the email again one can see some other clues that this is a spoof:
1) The shipping information is not mine. If this was a real "receipt" the shipping info would at least have my name. Since this is part of an image and not actual text, the shipping info (James Dickinson, etc) is predetermined and will not match your own.
2) No email that PayPal ever sends would say "If you haven't authorized this charge, click the link below to cancel the payment and get a full refund". You cannot simply cancel a payment through PayPal once it has been sent; you must go through a whole "dispute resolution" system, and PayPal does not advertise that system in their emails. They don't want you to do a dispute because they lose money on them. They're sure as hell not gonna give you a button to do it in an email.
We see these things all the time in my line of work. You are right. They are getting more and more clever and harder to spot for the average Joe computer user. Most people don't know how to view the source code of a message, which will give away a scam every time because of the URLs they usually reference. I wonder how much money is stolen every year because of shiznit like this.
frickin unreal...thanks carm for keeping us in the light on this ....
Yeah, thanks Carm. I have been paying for a lot of shiznit off ebay with paypal so the info is GREATLY appreciated.
thanks again
I dont even have a PayPal account and I got something like that. Appreciate the info.
Yea Carmen thanks, I been buying some old radios(1928 & 1936 baby, fornicatek xm) off ebay so guess I better watch out...
So you know there are people working hard to spam for Paypal accounts, I just turned 1 in the other day. Triing to get me to help him, He's been aggrovating the hell outa me via YIM, So i asked him what all he needed told him I would tell him how to do it, If he would tell me what i got in return. He fell for it. I contacted Paypal and a couple freinds I have in the FBI (know them from when I did ATM networking, data encryption and ATM fraud) Gave him all his contact info and they are going to find him and prosecute. At least 1 down.
I fell for one of those paypal spoofs last year (it was the first time I ever got one and I wasn't thinking). They got about $300 out of my account before my bank noticed and locked the account, and fortunately I got all the money back.
Now, if I get an e-mail from paypal I always check the link before I do anything. Generally I just delete them because any of them that say "unauthorized access to your account," "e-mail address added to your account," etc. are fakes.
If you turn off HTML e-mail, finding Paypal spoofs becomes much, much easier to find. Instead of the nice graphics and whatnot, you will see this:
(http://www.coolcats.net/ximages/ppspoof.jpg)
You can easily see the "http://www.google.ro/url?..." in the code. That's a redirect to the spoofer's site. Dead giveaway every time.
Yeah that's what I was saying about a lot of people not knowing how to view the source code of the message. It will give you the same information. You don't even have to turn off HTML. Just right-click on the message and view the "Properties" or "Options" of the message.
Thats's easier said than done for the Mac's...
Ctrl-click is the equivalent of right-click on a Mac...should bring up the same information.
Yeah but Macs are what, like 3% of all personal computers in use today?
Okay, 97% of you can do the right-click thing. The other 3% can click the "Message" menu in the Mail program, then point to "Show" and click "Raw Source." That should give you the HTML of the message.
Happy now, Equal-Rights Tom? ;)
Nicely done, Jim. :)
And we're up to 4.11%---woohoo!
http://www.insanely-great.com/news.php?id=5607
so i keep getting email from different people asking where their package is as they have nor received it and they are going too report me. these are obviously total bs and look a little fishy. i suppose they would possibly sneek by if you did alot of volume on ebay.
i dont actually know if its a scam or some sort of attemp too get my info. its not exactly paypal but theres plenty of damage someone could do with your ebay info i suppose....
screenshot of the email...
Yeah, that's a scam. It's very common, and the "question" varies, but it's definitely a scam.
I pretty much delete everything that Isn't a reciept for a purchase from paypal nowadays. I pay etremely close attention to who the money is supposedly going to, and if it is a generic paypal email about any random thing I just delete it. Thanks for the info on this one though.
Yeah, I just got one of those the other day claiming I won a home entertainment systems and hadn't paid yet......Uhhhh...no I didn't.
Losers.....