Am I being phished?

Posted by: Tim Danaher on 16 March 2005

Just received an e-mail from PayPal, stating that my account has been suspended:

quote:

Dear PayPal member,

We regret to inform you that your PayPal account has been suspended due to concerns we have for the safety and integrity of the PayPal community.

Per the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.

Due to the suspension of this account, please be advised you are prohibited from using PayPal in any way. This includes the registering of a new account.


The fastest and the most efficient way of becoming unsuspended is by clicking on the link below, login into your account and provide us additional information.


http://www.PayPal.com/aw-cgi/PayPalISAPI.dll?Sign&ssPageName=h:h:sin:US


Please note that any seller fees due to PayPal will immediately become due and payable. PayPal will charge any amounts you have not previously disputed to the billing method currently on file.


I presume that this is an attempt at 'phishing' -- harvesting personal and password data?

Clicking on the link takes me to a very official-looking page, so be warned.
Posted on: 16 March 2005 by starbuck
quote:
Clicking on the link takes me to a very official-looking page, so be warned.


Certainly sounds phishy, especially as Paypal and ebay both say never to follow links sent to you in emails. If you haven't already, I'd recommend running some sort of spyware/virus check to make sure you've not picked up a bug from the link.

Thanks for the warning,

Chris.
Posted on: 17 March 2005 by Aiken Drum
Hi Tim,

I saw a number of those coming through when we were on Tesco.net - I sent them all to the bogus email address on ebay. Since moving to another provider, this sort of thing (and junk emails I will add) has stopped.

I make it a policy not to reply to any such email - I figure that if ebay have anything to say to me, they can do so when I am logged on.

Just be careful.

Brad
Posted on: 17 March 2005 by seagull
I got one too, it went straight in the bin.

I had one recently purporting to be from ebay but it came through with all the html code visible. I sent that one to ebay.

Never ever click on the links. My son must have done when he was using MSN last week and he managed to infect the pc with a particularly nasty new worm which prevented all attempts to get rid of it and access to any of the usual security sites. The anti-virus update was available the next day but I couldn't download it! It took me several hours over the week-end to remove the thing including editing the registry (not recommended unless you know what you're doing - I know enough to be dangerous) and tighten security back again.
Posted on: 17 March 2005 by BigH47
Do NOT respond to these messages, just forward the mail to spoof@ebay.com or spoof@paypal.com; they will tell you if they are genuine messages (which I doubt). No reputable company will ask for personal details unsolicited and not give you a link to "verify" your details. You should always type the URL yourself and log on as normal.
I sometimes get these from Halifax but they as yet don't have a department for dealing with them.

Howard
Posted on: 17 March 2005 by Tim Danaher
Thanks, all --

Luckily, I'm on OS X, so infection by worms, viruses, etc, isn't something I've ever had to worry about.

This one does look very professional, I must say. And bigH -- I've had loads of the Halifax and Barclays ones as well, but they, at least, look as though they've been put together by a chimp.
Posted on: 17 March 2005 by woody
The belief by OS X users that they're completely immune is worrying at least and reprehensible at most. OK maybe there aren't many (any?) viruses (virii?) in the field yet but as it's based on UNIX there are plenty of nasties exploiting issues like buffer overflows to give you root access to a machine.
Posted on: 17 March 2005 by Gianluigi Mazzorana
Bloody sniffers again!
Watch out!
Posted on: 17 March 2005 by Fozz
A useful tip here is to simply hover over the link and check the actual site at the bottom of the screen to which the browser will connect if you press left mouse. Quite often the email is constructed in such a way that the html link looks valid like www.paypal.com but the actual site is http://167.200.97.whatever, in such a case it's deffo bogus. Sometimes it even has a link to http://sillymachine.backside.ofbeyond and you can tell a mile off.

More and more sites put the message service inside the html site to which you log on, so that you don't ever have to worry about these emails, they are all spoofs.

Gary
Posted on: 18 March 2005 by adamk
Definite Scam/Phish
All emails from Paypal or Ebay to you will be addressed to 'Dear Tim Danaher' or whatever your Paypal/Ebay handle is, and not 'dear Paypal member'.
Posted on: 18 March 2005 by Martin Payne
quote:
Originally posted by Fozz:
A useful tip here is to simply hover over the link and check the actual site at the bottom of the screen to which the browser will connect if you press left mouse. Quite often the email is constructed in such a way that the html link looks valid like www.paypal.com but the actual site is http://167.200.97.whatever, in such a case it's deffo bogus.



I am told that this isn't foolproof. If they code the HTML correctly, they can make the toolbar report whatever they want, as well.

cheers, Martin
Posted on: 18 March 2005 by Berlin Fritz
Pathetic³, though sorry I'm emotional at present, innit !
Posted on: 19 March 2005 by Paul Hutchings
quote:
Originally posted by Martin Payne:
I am told that this isn't foolproof. If they code the HTML correctly, they can make the toolbar report whatever they want, as well.

cheers, Martin


The toolbar yes perhaps but not the source HTML of the message - that's the best thing to look at.

They're getting so good these days at making them look legit that's the only way to tell, and even then if you do think it's genuine don't click the link, fire up the site manually with your browser and change your password that way, then you know you're on the real ebay/paypal site.

cheers,
Paul