Skip to main content
Topic: New PayPal spoof email warning - they're getting smarter (Read 2238 times) previous topic - next topic

New PayPal spoof email warning - they're getting smarter

Well, I've always thought that you could automatically identify a fake PayPal email by the fact that they didn't include your name (they were always addressed to "you@youremail.com" or "Dear Paypal customer", etc. Well, now they've gotten a bit more clever - somehow they have found out my real name and used it in the scam email. I'm guessing that at some point I either bought something from somebody or received payment from somebody and they gave my name and email to these scammers (I buy lots of stuff (LED's) from Hong Kong, so that's likely it).

There are still ways to identify the scam (the first being that if you really did buy something you'd know about it). One way is that the only actual text in the email is the "Dear Carmen Burrows" bit - the rest of the email is an image, so if you use Outlook and have it set to not display remote images you'll only see your name. As always, you can also tell by hovering your mouse over the link and looking in the lower left corner of the screen to see where that link actually takes you. Finally, and most importantly, you can protect yourself by NEVER CLICKING ON A LINK IN AN EMAIL. If you think somebody has diddled with your eBay or PayPal account, close your email, open up a browser window, and go to your account by manually typing it in. If the "purchase" described in the fake email is not there, then you obviously don't have a problem.

A screen shot of the latest (and cleverest) spoof:
2015 Mustang GT Premium - 5.0, 6-speed, Guard Green - too much awesome for one car

1988 5.0 Thunderbird :birdsmily: SOLD SEPT 11 2010: TC front clip/hood ♣ Body & paint completed Oct 2007 ♣ 3.55 TC rear end and front brakes ♣ TC interior ♣ CHE rear control arms (adjustable lowers) ♣ 2001 Bullitt springs ♣ Energy suspension poly busings ♣ Kenne Brown subframe connectors ♣ CWE engine mounts ♣ Thundercat sequential turn signals ♣ Explorer overhead console (temp/compass display) ♣ 2.25" off-road dual exhaust ♣ T-5 transmission swap completed Jan 2009 ♣

New PayPal spoof email warning - they're getting smarter

Reply #1
Upon looking at the email again one can see some other clues that this is a spoof:

1) The shipping information is not mine. If this was a real "receipt" the shipping info would at least have my name. Since this is part of an image and not actual text, the shipping info (James Dickinson, etc) is predetermined and will not match your own.

2) No email that PayPal ever sends would say "If you haven't authorized this charge, click the link below to cancel the payment and get a full refund". You cannot simply cancel a payment through PayPal once it has been sent; you must go through a whole "dispute resolution" system, and PayPal does not advertise that system in their emails. They don't want you to do a dispute because they lose money on them. They're sure as hell not gonna give you a button to do it in an email.
2015 Mustang GT Premium - 5.0, 6-speed, Guard Green - too much awesome for one car

1988 5.0 Thunderbird :birdsmily: SOLD SEPT 11 2010: TC front clip/hood ♣ Body & paint completed Oct 2007 ♣ 3.55 TC rear end and front brakes ♣ TC interior ♣ CHE rear control arms (adjustable lowers) ♣ 2001 Bullitt springs ♣ Energy suspension poly busings ♣ Kenne Brown subframe connectors ♣ CWE engine mounts ♣ Thundercat sequential turn signals ♣ Explorer overhead console (temp/compass display) ♣ 2.25" off-road dual exhaust ♣ T-5 transmission swap completed Jan 2009 ♣

New PayPal spoof email warning - they're getting smarter

Reply #2
We see these things all the time in my line of work.  You are right.  They are getting more and more clever and harder to spot for the average Joe computer user.  Most people don't know how to view the source code of a message, which will give away a scam every time because of the URLs they usually reference.  I wonder how much money is stolen every year because of shiznit like this.
-Jim
1987 Cougar LS 5.0

New PayPal spoof email warning - they're getting smarter

Reply #3
frickin unreal...thanks carm for keeping us in the light on this ....
:america: 1988 Thunderbird Sport, Former 4.6 DOHC T56 conversion project.

Rest of the country, Welcome to Massachusettes. Enjoy your stay.

 
Halfbreed... Mango Orange Y2K Mustang GT
FRPP complete 2000 Cobra engine swap, T56 n' junk...
~John~

New PayPal spoof email warning - they're getting smarter

Reply #4
Yeah, thanks Carm.  I have been paying for a lot of shiznit off ebay with paypal so the info is GREATLY appreciated.
thanks again

New PayPal spoof email warning - they're getting smarter

Reply #5
I dont even have a PayPal account and I got something like that. Appreciate the info.
85 Tbird 5.0
78 F150 351w
13 F150 4x4 3.5 Ecoboost

New PayPal spoof email warning - they're getting smarter

Reply #6
Yea Carmen thanks, I been buying some old radios(1928 & 1936 baby, fornicatek xm) off ebay so guess I better watch out...

New PayPal spoof email warning - they're getting smarter

Reply #7
So you know there are people working hard to spam for Paypal accounts, I just turned 1 in the other day.  Triing to get me to help him,  He's been aggrovating the hell outa me via YIM,  So i asked him what all he needed told him I would tell him how to do it, If he would tell me what i got in return.  He fell for it.  I contacted Paypal and a couple freinds I have in the FBI (know them from when I did ATM networking, data encryption and ATM fraud)  Gave him all his contact info and they are going to find him and prosecute.  At least 1 down.

New PayPal spoof email warning - they're getting smarter

Reply #8
I fell for one of those paypal spoofs last year (it was the first time I ever got one and I wasn't thinking). They got about $300 out of my account before my bank noticed and locked the account, and fortunately I got all the money back.

Now, if I get an e-mail from paypal I always check the link before I do anything. Generally I just delete them because any of them that say "unauthorized access to your account," "e-mail address added to your account," etc. are fakes.

Garrett H.
'94 F250 XLT- 4x4, 5 speed, 7.3 IDI Turbo Diesel, 4" intake, 4" exhaust, 5" turnout stacks, manual hubs, etc.
'87 Thunderbird Turbo Coupe
Engine, wheels, tires, etc!
Exhaust sound clip
Another clip

New PayPal spoof email warning - they're getting smarter

Reply #9
If you turn off HTML e-mail, finding Paypal spoofs becomes much, much easier to find. Instead of the nice graphics and whatnot, you will see this:



You can easily see the "http://www.google.ro/url?..."  in the code. That's a redirect to the spoofer's site. Dead giveaway every time.

New PayPal spoof email warning - they're getting smarter

Reply #10
Yeah that's what I was saying about a lot of people not knowing how to view the source code of the message.  It will give you the same information.  You don't even have to turn off HTML.  Just right-click on the message and view the "Properties" or "Options" of the message.
-Jim
1987 Cougar LS 5.0

New PayPal spoof email warning - they're getting smarter

Reply #11
Quote from: jkirchman
  Just right-click on the message and view the "Properties" or "Options" of the message.


Thats's easier said than done for the Mac's...
 

New PayPal spoof email warning - they're getting smarter

Reply #12
Quote
Thats's easier said than done for the Mac's...

Ctrl-click is the equivalent of right-click on a Mac...should bring up the same information.

New PayPal spoof email warning - they're getting smarter

Reply #13
Yeah but Macs are what, like 3% of all personal computers in use today? 

Okay, 97% of you can do the right-click thing.  The other 3% can click the "Message" menu in the Mail program, then point to "Show" and click "Raw Source."  That should give you the HTML of the message.

Happy now, Equal-Rights Tom?  ;)
-Jim
1987 Cougar LS 5.0