Sunday, October 7, 2012
New Twist on PayPaL Phishing is from PayPaI (with an i)
by Minnie Apolis
(deleted and re-published)
I had quite an upsetting Sunday this Jan. 22, when I checked my AOL email account and found two emails that turned out to be phishing scams or virus launchers. I was rather chagrined to see that the AOL email security would have allowed me to open the destructive attachments.
The first email is one that has been going around since about November 2011, purportedly from American Airlines confirming your (mythical) ticket purchase. The text has the flight number, an apparent ticket number, and the destination Richmond. Snopes reports that opening the attachment would launch an executable file. The attachment is titled “Ticket.zip.” Do not open that attachment and delete the email.
The second email is a new twist on the many PayPal (with an L) phishing scams. This one cagily is from PayPaI (with a capital i at the end). I did not notice this spelling error until I already decided it was a scam.
This PayPaI email says:
“PayPaI Banking Notification : Irregular Transaction In Your PayPaI Account
From:service
To:
Bcc:XXXXXXXXXXXX (at) aol.com
Date:Sun, Jan 22, 2012 7:59 am
Attachmenthttpd@support.paypal.com.html
Your online access has been temporarily suspended
We recently detected failed attempts to provide the correct answers to your security
questions. As a result, we temporarily suspended online access to your account.
Security questions are one of the ways PayPal confirms your identity. For your protection,
PayPal safeguards your account whenever there is a possibility that someone other than you
is attempting to sign on.
As a security measure we had to temporarily suspend your account.
PayPal is dedicated to protecting your information. Learn about our security questions and
what we do to protect your accounts online.
To restore your account we have attached a form to this email.
Please download the form and follow the instructions on your screen.
NOTE: The form needs to be opened in a modern, javascript enabled, browser
We apologize for any inconvenience this may have caused.
Please do not reply to this email directly. To ensure a prompt and secure response, sign on to email us.
Sincerely,
PayPal
Please note the sender address – service – misspells PayPal as PayPaI, an easy typo to overlook. I do note that the size of the attachments on the American Airlines email and the one on the PayPaI email are the same size. It could be the exact same destructive program but of course I am not going to open them to find out.
I am sure that if you go to your PayPaL account, you will be able to readily access it as per normal practice. You should access your banking or paypal or any other financial accounts using a separate tab or browser rather than simply clicking on a link that may be fake. Send suspicious emails to spoof (at) PayPal dot com.
Also note that on the American Airlines fake email, no AA logo appears, and the email address has the word news in it.
Thank you and be alert out there.
JIM DAVIS SAID:
Any E-Mail from Paypal, if you have a view pane window, view it and if it does NOT have your name or business name, forward it to spoof@paypal.com.
Any E-Mail requesting Log in or Password, or any other form of identification always consider it spam/scam.
All these businesses will address you direct and would never ask for this information via E-Mail, ever!
How do I report PayPal fraud or a PayPal Scam?
If you think you have experienced PayPal fraud or received a PayPal scam via email (e.g. a fake email pretending to be from PayPal), forward the entire email to spoof@paypal.com, and delete it from your email account. If you came across a fake PayPal website, contact our Customer Service team.
The industry's most experienced fraud team is on your side
PayPal processes billions of dollars in payments each year, allowing us to continually perfect our anti-fraud protections. We also work with federal law enforcement to catch criminals. As a result, PayPal's loss rate is less than half of the industry average.
PayPal actively stops fraud before it happens
PayPal looks at every payment in real-time. Our state-of-the-art fraud models and proprietary fraud engine work together to help stop fraudulent transactions before they happen. In addition, PayPal stays at the forefront of security, developing many anti-fraud technologies each year, helping to keep you safe from a potential scam.
Buyers are safe and secure with PayPal
Your security is PayPal's top priority. If you're a buyer, you can make secure purchases online without the seller ever seeing your financial information, including your credit card number. Plus, when you use PayPal to pay for a qualified listing on eBay.com, PayPal Buyer Protection provides up to $2,000.00 USD of coverage at no additional cost
Sellers are protected from chargebacks
If you're a seller, did you know that PayPal fights chargebacks on your behalf? On qualifying transactions, PayPal's Seller Protection Policy shields you from liability that you may be exposed to with a typical merchant account. From handling the paperwork to negotiating the argument, PayPal's experts fight chargebacks on the seller's behalf.
We use PayPal heavily, and all communications from them will have something like:
Dear Jim Davis:
It will NOT have PayPal Client or PayPal Customer ever....
And most banks are the same way...
30+ Years Credit Collection/Finance & Credit Repair experience!
INFOHACK SAID:
That's true, but you can't assume that "Dear Jim Davis" guarantees legitimacy either. The phishing email I mentioned below in comment #6 used my real, full name.
If you do business online there are many ways scammers can get your real name, for example contact information from your website if you have a link in your eBay listings, owner of record for your domain registration, etc.
JIM DAVIS SAID:
Well I keep my information so my name appears one way for business and another way for personal...
Dear Jim Davis: Was an example not how my name legally appears on business Items.
And using pass words that are 7-8 characters long with one being a letter also helps a lot.
NEVER keeping your passwords on your computer, changing them every 3-4 months can prevent all this from happening!
BLUEARCHER SAID:
Paypal Sucks Dot Com
Better alternatives are Dwolla, Google Check out, and Amazon.
This isn't just about people not getting what that they paid for, it's how PayPal manipulates the system to their financial gain, while letting their customers foot the bill.
Paypal, currently being sued by over 13 states. Not individuals but state administrations.
FORMERSTEW SAID:
Thanks, Minnie. I use paypal in my business, but I do not open anything sent to me...even transaction confirmations. However, I could see myself freaking out over an account suspension and open the email in a blind snit.
INFOHACK SAID:
The "I" is pretty clever. I never log in from an email either, but I usually hover over links to check out the url, just to verify my suspicions if it looks fake. It's pretty easy to spot fake url's in phishing emails. Sometimes if they have just copied from a real PayPal email or notification, there may be broken links in the body of the message as well.
I got a realistic-looking one recently saying that a payment had been declined, it's a pretty good attempt to get someone to bite, since your natural reaction is somthing like "the hell it was! I know the funds were there!:
Hello Curt M.,
Your recent PayPal transaction was declined because you have not linked a payment method to your account.
We can help you with that.
By choosing any of the payment methods below, you'll be able to complete your transaction—if you haven't already done so. Your future transactions will be faster and easier, too.
This one was from paypal@e.paypal.com, all the links went somewhere else too. I forwarded it to spoof@paypal.com.
I get quite a few eBay spoofs as well, basically the same method for reporting - spoof@ebay.com
MINNIE REPLIED:
Hi, infohack -- Thank you for the extra info and example of a phishing letter. I too try to get my cursor to hover over the "From" box to get the email it comes from. Usually works, not on every email service tho. Am not sure if the NEW Yahoo email service will let me do that and so I am clinging to the Classic. I know that the NEW Yahoo email will not show me the whole Subject header and I am disappointed in that.
Anyway, eBay is another notorious subject for phishing emails.
But tell me, what do you think is in the attachment?
INFOHACK SAID:
Worst-case scenario, attachments can contain malware like the Zeus trojan, which runs a botnet and downloads account and login info by keystroke logging and form grabbing. Zeus was used in those Bank of America phishing emails that were common a while back, and is now being used in phishing emails purportedly from tax preparers.
Just to be on the safe side you may want to run Microsoft's Malicious Software Removal Tool, it's updated the second Tuesday of every month and is pretty good at getting stuff that regular anti-virus software sometimes misses. You may need the 64 bit version if you're running Windows 7.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment