Heads Up Peep's

[Ldub]

Just received a VERY official looking email from paypal(not), indicating that a third party had tried to access my account.
Due to this, my account had been given a limited access status.
Then there was a long form requesting all my personal info., acct. #'s, etc. to get re-enstated...hmmmmmmm, I don't think so.
I went to my acct., reported it to their consumer fraud or whatever it's called & they just emailed me back thanking me & saying they were checking into it.

Just a FYI.

[Joe_Black]

Yeah, I get the same one every few months from spammer-land. On one forum I run we've got a sticky thread where we all post eBay/PayPal scam emails so all can see what's "in the field".

[Ldub]

First I've seen of it...just got done changing my pass word anyway.

[SPAZZ]

I got a Spam email, but looked totally real that was a "fishing scam" email trying to get me to click on their link.

It went like this. They sent me an email saying that I purchased this cell phone for a few hundred dollars off Ebay and that they were going to charge my Paypal account in like 24 hours if I didn't click their Paypal link and deconfirm and give all my bank info and personal account info and also confirm all my Ebay account info too.

At first I freaked out, then I laughed pretty hard. Pretty good scam. I minumized screen, opened new screen, opened up paypal and got their fraud link, and forwarded email to them. They sent me a thank you email and said that it was not valid and that they were tracking it overseas somewhere and lost track in europe.

I have also seen on AOL messenger a messenge pop up and say your account is about to be suspended please give me your account info yeah right as if!!!

[VCAMILO]

I get it every few months. Its all started when they stole PayPal web code last year. BE CAREFUL

[WyrreJ]

The net is full of stuff like that. First rule is to never ever click on a link you got via email. No matter how confident you are. Instead, type in the website and navigate from the front page to wherever you are supposed to go. It also helps if you have previously bookmarked the site, that way you can use the bookmark and rule out typos (for example, try going to paypal.cm - .cm is the country code for cambodia and they are now redirecting all typos to their own advertising which is harmless but just imagine what a malicious "typo-squatter" could pull off).

[nfpgasmask]

This is what is commonly referred to as e-mail "fishing". I get dozens of these emails every month, from Paypal, eBay, banks, credit card companies, you name it.

I always roll over the link they supply in the e-mail and see it pointing to something like:

http://64.12.128.53/web/~paypal/info/login.asp

or somthing like that. That is a sure fire way to tell the link is bogus and out to steal your login. Plus, as a general rule, never login to any site via an
e-mailed link, otherwise you're asking for trouble.

The world is full of scammers, hackers, and hijackers, and that's something we all have to live with.

Bart

[transio]

The Russian mafia controls a huge amount of online pay fraud.

[Triathlete]

The newest scam is caller ID. The criminal mind has figured out how to manipulate the caller ID from thier end to make it read what they want (a bank, loan Co., etc.) and just like the net scams they fish you for info. BEWARE!

[Tone]

Happens all the time - forward it to spoof@tonemonday.com - True Paypal emails will always address you by your full name at the top of the mail like:
Dear Anthony Monday,

This is to notify you that a payment....

And they will never ask for your user name or password.

[WyrreJ]

The newest scam is caller ID. The criminal mind has figured out how to manipulate the caller ID from thier end to make it read what they want (a bank, loan Co., etc.) and just like the net scams they fish you for info. BEWARE!

Indeed, this one has the potential to fool a lot of people and the banks have got nothing in place to protect you. The best thing you can do is make the caller prove they are who they say they are by having them tell you something about your account that would be hard for a 3rd party to figure out - like your account balance on the last statement.

Or you can simply refuse to talk to them and instead call them back at the phone number listed on a recent statement. Note that if the caller gives you a number to call back at, even a toll-free number, you can't trust that it is an official number and not one controlled by the phisher.

[Mark B]

I get the same thing all the time. My brother had this happen to him. They got his account information and he lost a couple hundred of dollars.

[kpaske]

Like nfpgasmask stated, the easiest way to identify bogus links in your e-mail inbox is to roll the mouse over the link WITHOUT clicking - the status bar at the bottom of your browser will show the ACTUAL ADDRESS that the link is pointing to (the "link" that your mouse is hovering over can say anything you want - it's the address that appears at the bottom that tells you where it will actually take you). Look at these two examples:

This is my first example
This is my second example

So if you get an e-mail from eBay that points you to a link that doesn't start with www.ebay.com then you can be pretty certain that it's not from eBay.

Something that I do that helps tremendously is that I use two e-mail accounts. One is for PEOPLE that I know. I NEVER use it for web site forms or anyone who I am the slightest bit unsure what or when they will send me things. I use another account for everyone else, and I ALWAYS use my initials, even for first and last name (or an abbreviated form such as K Paske) when using this account. That way, everything that is addressed to me using K Paske I know is unsolicited. My junk mail filter is set to send anything from anyone NOT in my address book to the junk mail folder, which I scan periodically for solicited e-mails that slip through.

This system works well for me, I VERY RARELY ever get spam in either of my primary mailboxes, and e-mails from people that I know get through quickly. This also helps filter the SCAM e-mails because I've got eBay, PayPal, etc in my address book, so if they really send me something, it goes straight into my inbox, while the spam-scams get tossed into junk mail (beware that if the spammer knows how to spoof his address and chooses the right one, it might make it through my filter; then I rely on the content [such as false links] to send up the red flag).

Hopefully these tips might help someone.

[Anita]

Also, if you roll over a "link" and it doesnt give you an address, you can always right click on the link and check Properties. The address will show there.

[Tobert]

Like nfpgasmask stated, the easiest way to identify bogus links in your e-mail inbox is to roll the mouse over the link WITHOUT clicking - the status bar at the bottom of your browser will show the ACTUAL ADDRES

There have been browser/email client bugs that allowed these jerks to spoof that, too. Doubly so if you have javascript enabled.

As others have said, NEVER click on a link or enter into a form from email. Go to your bank, paypal, ebay, whatever directly by your normal, trusted route and navigate from there. Nothing else is really safe.

I think Ebay has a nice page on how to look at your email headers to truly determine whether or not the message is spoofed. That said, I've even seen some rather convincing headers before, which in reality isn't that hard to do (but there's always some evidence unless you crack the spoofed site's DNS). I'm a Unix Sysadmin though, so I've been reading email headers for years. It's not for the faint of heart.