Paypal Caution: all that use Paypal please read

[Executioner]

I received this email, and after carefully looking at it, it looked very legit from Paypal. The purpose of the message was to inform me that I had added another email address, and it was confirming this decision. To verify, I actually logged into Paypal to verify, and it was not added. I sent the email to Paypal, and they confirmed that it was a spoof.

Here is the text of the email:
=========================================

Date: 12 Nov 2005 00:07:59 +0900
To: xxxxxxx@yahoo.com
Subject: New email address added to your PayPal account !
From: service@paypal.com

You have added peter_beggs@yahoo.com as a new email address for your PayPal account.

If you did not authorize this change or if you need assistance with your account, please contact PayPal customer service at:

https://www.paypal.com/us/wf/f=ap_email

Thank you for using PayPal!
The PayPal Team

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the header of any page.
-----------------------------------------------------------------

PROTECT YOUR PASSWORD

NEVER give your password to anyone and ONLY log in at
https://www.paypal.com/. Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time you log in to your account.
-----------------------------------------------------------------

PayPal Email ID PP1037

=========================================
As you can see, it looks pretty legit.

Here is the response from Paypal:

Dear Charlie Wathen,

Thank you for contacting PayPal. We appreciate you bringing this suspicious email to our attention.

Commonly referred to as phishing, these emails are sent by fraudsters in an attempt to collect sensitive personal or financial information from the recipients. PayPal takes phishing threats seriously. Our fraud prevention specialists are working 24/7 to help protect you and enable the community to stay safe.

After review, we can confirm that the email you received was not sent by PayPal. Any website which may be linked to this email is not authorized or used by PayPal.

Our fraud prevention team is working to disable any website linked to this email. In the meantime, please do not enter any information into this website. If you have already done so, you should immediately log into your PayPal account and change your password, as well as your security questions and answers. We also recommend that you contact your bank and credit card company immediately.

If you notice any unauthorized activity on your PayPal account, please report it to us by following the instructions below:

1. Log in to your account only from the PayPal website. Do not use links provided in any email.

2. Click on the Security Center link at the bottom of the page.

3. Click on the 'Unauthorized Transaction' link under the Report a Problem column.

4. Follow the instructions on this page in order to access the appropriate form.

Lastly, we recommend taking a few steps to protect yourself from identity theft:

> Download the SafetyBar, a toolbar for Outlook and Outlook Express, which identifies known spoof emails.
> Get eBay Toolbar with Account Guard which warns you when you're on a potentially fraudulent (spoof) Web site.
> Frequently monitor your account for suspicious activity.

For additional tips please visit the PayPal Security Center at http://www.paypal.com/security.

Once again, thank you for reporting this suspicious email. Your vigilance helps us in our efforts to protect the PayPal community. If you have any further questions, please feel free to contact us again.

Sincerely,

PayPal
______________________________

Important: PayPal and its representatives will NEVER ask you to reveal your password. There are NO EXCEPTIONS to this policy. If anyone claiming to work for PayPal asks for your password under any circumstances, by email or by phone, please refuse and immediately contact us via our secure webform online.

************************************************************************
This email is sent to you by the contracting entity to your User Agreement, either PayPal Inc or PayPal (Europe) Limited. PayPal(Europe) Limited is authorized and regulated by the Financial Services Authority in the UK
as an electronic money institution.
***********************************************************************

[DoPeY5007]

I use outlook for my mail, and I mouse over a link and you can see if it is real or fake.

If you get an e-mail from eBay or PayPal and you may think iti is fake forward it to spoof@paypal.com or spoof@ebay.com eBay will respond back to you telling you if the message was fake or real

[dadx2mj]

I've been getting that email or one very similar to it for weeks now...funny thing is I have never had a PayPal account.

[DoPeY5007]

I just got a chase bank one. I don't have an account with them. Just never click the "Bank" e-mails.

[RubberDuckie]

I personally do not pay any attention to ANY email I did not request.

[Pugsley]

I fill out the forms at the fake sites. this way it just waters down their database with useless info.

[Gillbot]

If I get any of those emails, I just manually go to https://www.paypal.com and login to check.

[Shadow250]

i do what pugsley does sometimes. i write stuff like name: your retarded address: 7734 hells dr.
stuff like that. kinda funny to think of them reading it.

[xman1102]

i've been getting these emails too and at a glance they seem legit. i moused over the link the first time i got one and noticed it wasnt to Paypal. i can definitely see how someone would fall for this...i know my wife would, i had to warn her about these emails.

[nutxo]

I got an email from paypal a week and a half ago. It said a merchant had compromised my CC and they cancelled it. I called paypal. It was legit and I had to get a new card.

[rndmtask]

I fill in crap too. but crap that looks legitimate. That really waters down the database and if everyone who knew what was going on did that then we would be good. But the link in that email you posted goes to the real paypal. Did you fix it to be right or is that the real place it sent you?

[wpublic]

those emails usually are html with images and links pointing to the real bank or paypal site. all except for one link in the middle where you click.

then the dummy page you go to all have the same links pointing to the legit site except for the form/post function which hides the true recepient in a .js file. get the .js file and you will see where the info is going. usually to a free email account that is checked by someone behind an anonymous proxy where they get your stuff and sell it.

you can usually see the real IP of the dummy page. usually a school system or small ISP in SE asia, but i have seen them from anywhere someone can remotely set up a web server without the admins catching quickly. these pages can usually get shut down quickly by reporting to their domain admins, but they don't care if those pages get shut down, another will just poop out somewhere else and the damage has already been done.

this type of fraud is an industry and more organized than some might think. the best way to get them is giving them BS info. many, many times. then the person won't just lose business selling all your CC infos, they would probably get their head cracked by the types they deal with.

at the least, they would know not to send emails to you anymore.

[DoPeY5007]

Originally posted by rndmtask
But the link in that email you posted goes to the real paypal. Did you fix it to be right or is that the real place it sent you?

That is because he did a copy and past, the hidden link was in the HTML that didn't come over to the forum

[rndmtask]

Originally posted by DoPeY5007
That is because he did a copy and past, the hidden link was in the HTML that didn't come over to the forum

Thought so. The reason I don't fill them out multiple times is I figure they're smart enough to realize 20 people don't share the same cable modem IP.

[bigdaddy51]

Quick note any legit paypal communication will refer to you by name, NOT dear customer etc. I get at least 2 a week