Beware When Paying For Coins

[+joefrog]

I've been using Paypal and eBay for a long time, and I'm very familiar with the formats, payment methods, etc., of various online vendors. I still use it all the time to pay for coins.

 

I just received the best, the BEST, "phishing" letter in my email I've ever seen. These guys went through a lot of trouble to make it look like the real thing. This one was saying someone "with a foreign IP address" had been trying to access my account.

 

To the point -- be careful out there. Don't fall for these email scams! None of the banks, ebay, paypal, etc. will ever ask for your info via email. If there is ANY doubt of whether an email from Paypal is authentic, forwards it to "spoof@ebay.com" and they'll tell you "yes, we sent it" or "no, that's fake!"

 

 

Your friendly helpful neighborhood frog

[+BlueDeuce]

Yeah, they do look pretty real, don't they?

 

I get one every 3 months or so.

[+SilverMarc]

...To the point -- be careful out there.  Don't fall for these email scams!  None of the banks, ebay, paypal, etc. will ever ask for your info via email.  If there is ANY doubt of whether an email from Paypal is authentic, forwards it to "spoof@ebay.com" and they'll tell you "yes, we sent it" or "no, that's fake!"

Here's an easy way to determine a "phish" email:

 

Enter an incorrect password. If it's a "phish" email you'll find yourself with "access" to your so-called PayPal account (which wouldn't be possible).

 

Saavy web users often enter a fake password first to be sure of the legitimacy of a site.

 

--Marc

October 5, 2005 @ 2:22 PM

N40° 46.565' W073° 58.756'

[+junglehair]

Pretty much any email that you receive from PayPal is a fake unless you just sent a payment for something - then they send you a confirmation.

 

I generally forward the others to spoof@paypal.com just so they can track down the culprits. I too received one of their emails today.

 

Be warned to never enter your user name and password from a link in these emails. They are just trying to access that information so they can gain control of your account.

 

If you are not sure, and want to be safe, I recommend opening a new web browser window and logging into your account from there.

 

One of the things I look for is to see what the links actually go to. When you move your mouse over the link, you should see the URL listed on the bottom of the page (in Internet Explorer anyway). They usually say something like http://www.paypal-securitycheck.com or something like that. A true PayPal link would be https://www.paypal.com.

[+GrandpaKim]

If you are not sure, and want to be safe, I recommend opening a new web browser window and logging into your account from there.

Always open a new window and type the address in the address bar. That way you know that you're going to the site you want to go to.

[+zombie tribe]

also if someone emails you a bill. you can just log in to your ebay account (by going to ebay.com not the link in the message) and if that bill is legitimate it will be in your account, where you can just pay it from there.

[+AtlantaGal]

also if someone emails you a bill. you can just log in to your ebay account (by going to ebay.com not the link in the message) and if that bill is legitimate it will be in your account, where you can just pay it from there.

This is what I always do before I send a coin payment.

[+pdxmarathonman]

I got that same email.

 

The phishers even give the advice to type in the URL, expecting that you'll ignore it. When you mouse-over the hyperlinks you can see that the link is not to the indicated site by looking at the bottom of your browser frame.

 

Any click on the link will indicate that they have found a live address, and the phishing will likely increase to that account.

[+Kilted Cacher]

Very good info here. Thanks for passing it on. Also, when I receive payment, I go into my paypal account from a separate window and verify that payment was received.

[YemonYime]

Did anyone get the one supposedly from a mother pleading with you to answer her if you sold her daughter a new PC for $500 less than what the daughter told her it cost? You might think to yourself, man, this lady is screwed, so let me at least tell her it's not me to get her going in the right direction.

 

Once you click the "respond now" button, they know they've found a live fish on the line and will continue to send these and other spoofs to you.

 

Not sure if it's been said, but PayPal won't send anything to you addressed like "Dear Member". They use your real name, so that's a good way to pick out the spoof.

[+BlueDeuce]

What complicates things is that my Credit Card (CC) Company is very aggressive about internet purchase verification, which by itself is a very good practice. (As far as I'm concerned nearly every CC purchase should be followed up with a consumer verification of some sort). Mainly they call your home number asking that you call back to confirm the purchase.

 

Anyhoo, usually I get the call for the big dollar purchases, but recently I got the call for a $80 hotel reservation. (Which if you follow my spending pattern I do hotels quite a bit). That's okay, but I just don't follow up with VISA that quickly.

 

It so happened that before I called VISA I got the "paypal" notification that there was a problem with my credit card. I thought that maybe VISA sent something out to restrict any more purchases. Not too farfetched, but being suspicious by nature I don't call any company using the number they tell me to call.

 

Taking a closer look I could see that it was the usual scam. Unfortunately a lot of people are far more trusting.

 

There ought to be a law. Ya know what I mean?

[+BlueDeuce]

Did anyone get the one supposedly from a mother pleading with you to answer her if you sold her daughter a new PC for $500 less than what the daughter told her it cost?  You might think to yourself, man, this lady is screwed, so let me at least tell her it's not me to get her going in the right direction.

 

Once you click the "respond now" button, they know they've found a live fish on the line and will continue to send these and other spoofs to you. 

 

Not sure if it's been said, but PayPal won't send anything to you addressed like "Dear Member".  They use your real name, so that's a good way to pick out the spoof.

They just have no sense of decency.

 

Here's the deal. Use disposable internet email addresses.

 

I don't care if it's your dear sweet Aunt Trudy. She sends you that lovely internet greeting card, you're screwed.

 

Get yourself 5 or 6 of them (Netscape is a good location) and use one for each type of internet usage.

 

(If you are a seller and have to use a pop3 address then you shouldn't be surprised by those mothers contacting you about a sale you never made)

 

If your address is compromised then you only have to tell Auntie to use your new address and to keep sending greetings card via the postal service.

Edited October 5, 2005 by BlueDeuce

[+SilverMarc]

... When you mouse-over the hyperlinks you can see that the link is not to the indicated site by looking at the bottom of your browser frame ...

Checking the URL in your "status" bar is not recommended. They can be faked too:

 

- Encoding or obfuscating the fake web site URL: Depending on the method employed, many users will not notice or understand what has been done to a hyperlink and may assume it is benign. One variant of this technique (IDN spoofing) is to use Unicode URLs that render in browsers in a way that looks like the original web site address but actually link to a fake web site with a different address.

 

The above is from one of the more interesting monthly email newsletters I receive, here's the full article:

 

http://www.honeynet.org/papers/phishing/

 

Just when you think you have them figured out, they come back with more, so never even believe your eyes anymore. Type in the link, or use your bookmarks to get to a site where you have to enter a password.

 

--Marc

October 5, 2005 @ 8:59 PM

N40° 46.565' W073° 58.756'