Share this page:
Stay connected:
Welcome to the Citywire Money Forums, where members share investment ideas and discuss everything to do with their money.

You'll need to log in or set up an account to start new discussions or reply to existing ones. See you inside!

Notification

Icon
Error

PAY PAL SPOOF SCAM EMAIL'S
BOB 2
Posted: 04 May 2017 21:23:21(UTC)
#1

Joined: 10/08/2012(UTC)
Posts: 361

Thanks: 179 times
Was thanked: 108 time(s) in 68 post(s)
Today 4/5/2017 received 3 scam emails as below

Pay pal

Security notice
Correct name was hear , me bob2 removed
 
We are writing to inform you about recent initiative taken by PayPal to secure our network against online fraud by authenticating our clients randomly on the basis of the threat level of their account.
Your account has been filtered by our system for authentication. Please view the possible events listed below for this cause
 
 
 
Possible events occurred
1.Log in attempts from an unusual or unrecognized device or location.
 
2.Requesting any operation using unusual pattern.

3.Too many incorrect log in attempts.
 

For security, all your account services are disabled until response has been received from you.

Please click "Authenticate now" button below to confirm your possesion.


Confirm now


Thank you,
PayPal


PayPal (Europe) S.à r.l. et Cie, S.C.A. is duly licenced as a Luxembourg credit institution in the sense of Article 2 of the law of 5 April 1993 on the financial sector as amended and is under the prudential supervision of the Luxembourg supervisory authority, the Commission de Surveillance du Secteur Financier, with registered office in L-1150 Luxembourg.

© 1999–2016 PayPal Inc.
 


Reply Reply to All Forward More

INFORMATIOM RE PAYPAL SCAMS
Recognize fraudulent emails and websites



me bob2 then your superposed to click button ,that was further down that takes you to so called paypal log in , if you log in ,the scammers have got your log in details ,

PART 2 INFORMATION ADDED FROM PAY PAL
INFORMATIOM RE PAYPAL SCAMS
Recognize fraudulent emails and websites
We invest a lot of time and energy to make sure PayPal users are secure, and thieves know it. They may try to impersonate us to gain your trust so they can access your account. Fortunately, there are a few ways you can make sure it’s really us.

Suspicious emails
Phishing and spoof emails aim to obtain your secure information, passwords, or account numbers. These emails use deceptive means to try and trick you, like forging the sender’s address. Often, they ask for the reader to reply, call a phone number, or click on a weblink to steal personal information. If you receive a suspicious email, FORWARD it to spoof@paypal.com. Our security experts can take a look to determine if it's a fake. If it is, we'll get the source of the email shut down as quickly as possible. Reporting these emails helps protect yourself and everyone else, too.
There are some hints about identifying scam email below, but it’s often difficult to be sure if something is real or fake since scammers adjust their tactics. So, if you have the slightest doubt, send it to our experts for investigation.
Note: Please FORWARD the suspect email –– don’t cut and paste the contents, because valuable tracking information about the source will be lost.
What is phishing?
“Phishing” is an attempt to steal your information. Criminals pretend to be a legitimate business to get you to disclose sensitive personal information, such as credit and debit card numbers, bank information, account passwords, or Social Security numbers.
One of the most common phishing scams involves sending an email that pretends to be from a well-known company. However, it can also be carried out in person, over the phone, via malicious pop-up windows, and "spoof" (fake) websites.
How phishing works
1.A criminal sends emails to people that appear to be from a well-known company. A common tactic involves a made-up story designed to lure you into clicking on a link or calling a phone number.
2.The phishing email may ask you to fill out a form, or click on a link or button that takes you to a fraudulent website.
3.The fraudulent website mimics the company referenced in the email, and aims to trick you into volunteering sensitive, personal data.
In essence, you think you're giving your information to a trusted company when, in fact, you're giving it to a criminal.
Note that phishing emails can also lure you to open suspicious attachments or visit websites that can infect your computer with malicious software or malware.
How to spot a fake email
There are many telltale signs of a fraudulent email:
A false sense of urgency. Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away.
Fake links. These may look real, but they can lead you into trouble. Check where a link is going before you click by hovering over the URL. If it looks suspicious, don't click.
Attachments. A real email from PayPal will never include an attachment or software. Attachments can contain malware, so you should never open one unless you are 100% sure it's legitimate.
If you're not sure whether a PayPal email is legitimate or not, here is what you do: don’t click on any link in the email. Instead, go to PayPal.com and log in. If there is any urgent message for you, you will see it here.
Phishing resources
Here are some useful links to more on phishing:
antiphishing.org/resources
education.apwg.org
onguardonline.gov/phishing
wikipedia.org/wiki/Phishing
en.wikipedia.org/wiki/SMS_phishing
Here are some examples of fake emails:
You receive an email stating: “Your order #ZK04769 is confirmed for shipment tomorrow. Please click here to review the shipping details.” But you never placed an order, so you click on the link and login to see what it is. Only later do you realize that the link took you to a bogus website.
You receive an email stating: “We have noticed suspicious activity on your account. Please click here to review your recent transactions.” Once again, the link takes you to a page that looks correct but is really a bogus link.
“We would like to offer you a special $50 coupon for being such a good customer. This offer is limited to the first 100 people so click here immediately to claim your reward.” Instead of a reward, you are directed to a fake website where you might give up your account ID and password which the scammers can then use to spend from your account.
For more examples see these sites:
onguardonline.gov/articles/0003-phishing
banksafeonline.org.uk/common-scams/phishing/examples-phishing
it.cornell.edu/security/safety/phishbowl.cfm
Smishing
Phishing can come through your phone via voice or SMS. Smishing is when a scammer sends an SMS message to your phone number with a bogus phone number or URL. The message is usually urgent like:
“Your PayPal account has been suspended due to suspicious activity. Please contact us immediately at 1-408-123-4567. It is imperative that we speak to you immediately.”
“PayPal: You spent $1293.17 USD at The Home Depot. If you did not make this transaction please call us immediately at 1-408-123-4567. Thank You.”
If you call the number, you’re confirming that you have a PayPal account. You'll be talking to a fraudster who will ask for your account information so he can steal from your account.
Similarly, a URL link in a text message on a smartphone could be bogus.
“PayPal: You spent $1293.17 USD at The Home Depot. If you did not make this transaction please login at paypal.mobileservice2013.com/txn?id=178948 to stop this transaction. Thank You.”
Vishing
Fraudsters sometimes use an automated system to make voice calls, reporting urgent account problems and asking for account information. This is called Vishing. Here’s an example of what a vishing call might sound like:
"This is PayPal calling about a possible fraudulent transaction on your account. Please enter your PIN now to hear the transaction details. We need your immediate response to block this transaction."
When users enter their PIN or password, scammers get vital information to access the account. So never provide any account information unless you initiated the phone call.
Caller ID can’t be trusted. Even if the Caller ID says “PayPal,” it’s not enough for you to trust the call. Scammers can easily fake a Caller ID, and it’s impossible to be sure the call is coming from where it says it is.
Sometimes automated calls will ask you to call back. They leave a number or make it simple to click-call from your smartphone. Don’t call these numbers. If you need to contact us, visit the Contact Us link on any PayPal page for the real phone number.
Note the bogus URL in the message. You should be suspicious of text messages containing links. If you are ever in doubt about the validity of a link, manually type www.PayPal.com into your browser to log in.
How to spot a spoof website
You can’t always tell a website is authentic just by looking at the pages, since it’s very easy for scammers to simply copy the real website’s content. You need to look at the URL to be sure that you are on the real website.
With our site, there are a few indicators that tell you it’s really PayPal. The URL should start with https:// (not http://) and you should see the web security icon – a lock – in the browser address bar.
Some scammers will place a fake browser address bar over the real one to make it look like you're on a legitimate website. But even if a URL contains the word "PayPal," it may not be a PayPal site. If the URL address looks overly complex, it is quite possibly a spoof website.
Here’s a few examples of fake PayPal addresses:
secure-paypal.com
fraud.hmmmm.com/reroute?dst=www.paypal.com+dxz=hj7880
Real PayPal URLs start with https://www.PayPal.com. Sometimes the “www” may be replaced with other letters, but “PayPal.com” should immediately follow. The second example includes “PayPal.com," but the website is really hmmmm.com – which is very suspicious.
We also commission third party domain addresses using the format paypal-xxxx.tld, which attempts to keep PayPal at the front of the hyphen (unlike the first example). But this format isn’t exclusive to PayPal, as anybody can purchase a domain name and add “-paypal.com” to make it seem legitimate. So for you to confirm that the site is truly PayPal, check that:
1.The format keeps with PayPal third party domain naming guidelines – namely paypal-xxxx.tld (where “tld" is Top Level Domain). So country domains are acceptable here (for example “.us,” “.cn,” “.ru” or “.de” as well as “.com” or “.net”).
2.The Green EV SSL secure logo is present in the web address bar. This looks like a green lock and identifies the site as owned by PayPal, Inc.
If you come across a suspicious link or website, tell us. Just copy and paste the site’s URL into an email message and send it to spoof@paypal.com. Our security experts will investigate, and if it's a bad website, we will get it shut down. Reporting a suspicious link helps protect yourself and other people too.
Site safety rating tools
You can’t always catch suspect links before you click on them. But several site safety rating tools can help protect you while you browse. These services collect reports about suspicious sites and rate them. They can preempt you from going to a site that might infect your system with malware:
siteadvisor.com
mywot.com
safeweb.norton.com
These tools can be a good first defense, but you should still be careful of strange links. These services can’t catch every bad link because the bad guys will keep creating new ones.
If you fall for phishing, vishing, or smishing
There are plenty of clever scam attempts, and new ones are being created all the time. So despite your best intentions, it could still happen. If you think you may have fallen for a scam, here are some steps to protect yourself:
1.Run an anti-virus scan on your system to make sure that you didn’t pick up a virus. Make sure that your system and anti-virus software are up to date.
2.Change your account password, PIN, and security questions immediately. Do this for your PayPal account, email account, and other online accounts.
3.Check your online account statement vigilantly over the next few weeks (and months) for unexpected transactions .
--------------------------------------------------------------------------------------------------------------------------
me bob
i have forwarded on e mails to spoof@paypal.com but heard nothing back so far
and deleted scam e,mails as suggested,


update e mail sent to me around 11.15pm today
Dear ..................

Thank you for partnering with PayPal to combat fraudulent emails. We
take reports of suspicious email very seriously. Your submission helps
us identify potentially malicious activity and take the appropriate
action needed to protect our customers.

Did you know that approximately 90% of all email sent worldwide falls
into the spoof, phishing, spam, and general junk category? By
submitting reports of suspicious email to us you are helping to address
this problem.

To help you identify suspicious email, below are a few things that
PayPal will never do in an email communication:

1. Send an email to: "Undisclosed Recipients" or more than one email
address
2. Ask you to download a form or file to resolve an issue
3. Ask to verify an account using personal information such as name,
date of birth, driver license, or address
4. Ask to verify an account using bank account information such as bank
name, routing number, or PIN number
5. Ask to verify an account using credit card information such as credit
card number or type, expiration date, ATM PIN number, or CVV2 security
code
6. Ask you for your security question answers without displaying each
security question you created
7. Ask you to ship an item, pay a shipping fee, send a Western Union
Money Transfer, or provide a tracking number before the payment
received is available in your transaction history

Any time you receive an email about activity to your PayPal account, the
safest way to confirm the validity is to login directly to the PayPal
website and review the relevant section. If you see suspicious activity,
you would do the following:

1. Open a new browser and type in "www.paypal.com"
2. Log in to your PayPal account.
3. Click "Activity" near the top of the page.
4. Click on the suspicious transaction to expand the details.
5. Click "Report this as unauthorized"
6. Complete the report process on the next screen.

If you have any other questions about PayPal security, please visit the
PayPal Security Center.

Thanks again for your help.
PayPal Security


***********************************************************************

Please do not reply to this email. If you need to follow up, please
follow the steps above to access your account and utilize the Contact Us
resources from our site.
1 user thanked BOB 2 for this post.
Redundant (Old Timer?) on 05/05/2017(UTC)
Mickey
Posted: 05 May 2017 08:05:36(UTC)
#2

Joined: 21/06/2010(UTC)
Posts: 293

Thanks: 656 times
Was thanked: 260 time(s) in 135 post(s)
Ebay used to ask for any such emails to be forwarded to them, the address was spoof@ebay.com

PayPal give the following advice -

Forward the entire email to spoof@paypal.com
Do not alter the subject line or forward the message as an attachment.
Delete the suspicious email from your inbox.


1 user thanked Mickey for this post.
andy mac on 05/05/2017(UTC)
+ Reply to discussion

Markets

Other markets