(I had planned on posting the “Why Mac OS X isn’t everything” post as I promised in my previous post, but I think that it’s more important that word about this gets out first)
Web 1.0 scam (for those of you who are only interested in the new scam, scroll down to “Version 2.0)
Back in 2002, there was a widespread PayPal email scam which warned users that PayPal had “problems” with their “computers” and required all users to “verify” their information with PayPal as they were afraid that your information might have been “affected”. In the end, every person who fell for that scam gave up their personal information to the “scammers”. This included things like your name, address, social security number, your mother’s maiden name, and most importantly: every single detail about your bank account and credit card number. The number of people affected by the scam must have been huge, considering how PayPal was already the site which many people were using to transfer funds online. This is what the scam looked like 5 years ago when we were still in the Web 1.0 phase:
These scams were pretty easily detectable, or at least they are a lot easier for many of us nowadays. The first picture claims “problems with one of our computer systems” which is extremely sketchy. Furthermore, they claim that your information might be affected, but they’re positive that your account balances are alright? Also, they actually claim themselves to be “an eBay company” at the bottom of the page, that really cracked me. Not to mention their horrible use of English, what with them wanting to take the “troubled system” offline and give all users that “repair their missing data” the next two incoming transfers for free. Then they continue on to make this statement which makes no sense at all: “If fees would normally apply, you will not pay anything for the next two incoming transfers you receive”. They might have gotten a 10 year old kid whose first language isn’t English to write that out for them. Furthermore, the address of the “Verification Page” is an IP address. However, 5 years later, scams have grown much more advanced and sophisticated, thus I present to you the “PayPal Email Scam Version 2.0″:
Why is it a scam?
First and most obviously, the email came from paypal@hotmail.com. This should immediately tell you it’s fake but many people tend to overlook it when they see the words “PayPal Team” in the sender with “Account Revalidation” in the subject. I received this email not too long ago in my Inbox claiming that “for safety concerns” they want me to “protect my account and reduce the instance of fraud on their website”. The irony… Their English has cleaned up quite a bit, but it’s weird that they want me to take some time out of my “online experience” to “update my personal records”. They also gave me one whole week to pass them my personal details verify my account, how kind of them 
But they warn me that if I don’t update my account, it will be suspended! Not to mention, they spell “paypal” without any capital letters at all. Last but not least, it came from the “PayPal UPDATE TEAM” with capital letters as if to encourage me to UPDATE. The best 
part is still probably this, check out when the mail was sent (left). There were 2 links in the page, the first one led to a site which looked like the original PayPal site while the second one was their very own User Agreement page. Their PayPal site looked like this:
At first glance, everything might seem normal. But take note of a few things. First there are a few options missing from the top right hand corner of the page. Also, the blue bar below the “Welcome”, “Send Money” and other options is missing which makes the site look a bit strange. Most importantly, the URL looks nothing like the legitimate PayPal URL. The most obvious flaw came when I could enter practically anything into my “Email Address” and “Password” fields and still access the page to “verify my account information”. That page looked exactly like the “Personal Account Verification” page from the 2002 PayPal scam. The page is really too long to be a legit one. PayPal never even asked that many questions when I signed up, let alone when I’m verifying information? How could I verify information if I didn’t even enter it in the first place? Unfortunately, I had actually just woken up from a nap when I saw the email and I fell for it. That was until I reached the verification page that I realised that the site was definitely fake. If some of you are still having doubts over it’s authencity, guess what I found when I tried to access the verification page 5 minutes later at the page where PayPal usually asks you to wait 5 seconds before redirecting you:
What do I do?
If you receive the scam, first of you DO NOT respond to it or click the links. You should immediately forward the email to spoof@paypal.com. That’s all you have to do, PayPal will take care of the rest. For those of you who reached my stage (ie. you entered your email and password and realised that it was a scam when you reached the verification page), I’d suggest you immediately change your password as they might have records of your entry. If you’ve already fallen for the scam and have given your personal information, I’d suggest you contact PayPal immediately about it as well as your local authorities, there’s nothing much you can do about it I’m afraid.
The only regret I have with writing this post is that few people will come across it. This site is still relatively unknown and I barely have a 100 visitors a day, many of whom might not read up till this point. For those of you who do, please get the word out. Either by linking to them this site or simply letting them know about it. Hopefully, we’ll be able to stop these scammers and educate everyone so that when the next one comes, we’ll be ready for it.
UPDATE: It seems like more than one person got it today, they sent everyone the same message on the same day from the same email address at the same time it seems. Here’s someone else who received it as well: http://www.gobinath.com/blog/2007/08/13/a-phising-mail-targeted-on-paypal-users.html
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.