A dangerous new phish
I received an e-mail with the subject Unauthorized Access Report (KMM9755003V34721L0KM) today.
The contents of the e-mail stated
You have added accessdenied11@aol.com as a new email address for your PayPal account.
If you did not authorize this change or if you need assistance with your account, please contact PayPal customer service at:
http://www.paypalonlineupdate.info/index.htm?row/wf/f=ap_email
Thank you for using PayPal!
The PayPal Team
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the header of any page.
————————————
PROTECT YOUR PASSWORD
NEVER give your password to anyone and ONLY log in at https://www.paypal.com/. Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time you log in to your account.
————————————-
PayPal Email ID PP007
Looks legit, doesn't it? It's not.
A legitimate e-mail from paypal would have had this subject
New email address added to your PayPal account
And would have read
Dear Firstname Lastname,
You have added newe-mail@newe-mail.com as a new email address for your PayPal account.
If you did not authorize this change or if you need assistance with your account, please contact PayPal customer service at:
https://www.paypal.com/us/wf/f=ap_email
Thank you for using PayPal!
The PayPal Team
Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link located in the top right corner of any PayPal page.
—————————————————————-
PROTECT YOUR PASSWORD
NEVER give your password to anyone, including PayPal employees. Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time you log in to your account.
—————————————————————-
PayPal Email ID PP007
There are very few differences between the two e-mails other than the subject. The real e-mail from PayPal is addressed directly to me while the fake one is not. Another difference is that the fake one has the real url for PayPal in the area under Protect Your Password while the real one does not.
The biggest and most telling difference, though, is the URL given to click if you need assistance. The real one starts with https://www.paypal.com/ while the fake one starts with http://www.paypalonlineupdate.info/.
According to PayPal, legitimate e-mails from PayPal will ask you to click on a link with https://www.paypal.com/ in the beginning. If you're asked to click on anything else it is a fraudulent request.
So who does http://www.paypalonlineupdate.info/ belong to? According to Web Whois this url is owned by someone claiming to be Peter Jaly from Australia. His e-mail is woolleyc1949@yahoo.com.
I'd send him an e-mail but I don't want him to have verification of my e-mail address.
-E:
I have a friend who got one of those Nigerian Scam emails, but it was a little different in that it was a Christian group seeking funding for missionary work or something like that. My friend has an actual disease and isn't getting help for any of the transplants and things he needs, so he responded. Basically the same email, but stating that he had a horrible disease.
The idiots sent him money….
7 September 2005, 7:22 pmBes:
Yep, I'm also getting more and more emails like this every few hours. These phisers seem to be targeting Paypal and ebay a lot lately.
8 September 2005, 4:58 amTed:
I just forward those to spoof@paypal.com or the ebay ones to spoof@ebay.com.
It is a shame people still fall for them.
Ted.
8 September 2005, 8:53 pmKim:
I received that exact email a while back, and clicking on the link they send asks you to give them your bank details… at the time I really wasn't paying attention and ALMOST typed them in… good job I realised what I was doing before it was too late!
8 September 2005, 9:08 pmPR Angel:
WOW thats crazy!!! Whats the purpose of the fake e-mail?? How did you figure out that it wasn't legit??
8 September 2005, 10:55 pmstephen:
There'd be no point responding to the yahoo email … that's probably one of thousands of phished emails they are using to steal your password.
10 September 2005, 12:45 amGood on your for pointing this out.
Despite our government's best intentions and abilities, online phishing will never go away.
How do you prosecute ghosts?
Nancie:
I typically email customer service to confirm the email - just in case. You never know, these phishers are getting smarter. At one time is was obvious… Poor spelling, grammer, punctuation, and just poor form made it obvious except to a few who seems that companies are that incompetent.
Anyway, it's always better to be safe than sorry. Sometimes paypal does inform you that you have a problem with the account.
Sometimes it's not a phishing scam but a ploy to get you to click on the "link" to install a virus. Some use Java (not javascript) to install a virus and you won't know unless you run a virus scanner (as I discovered once).
You are better off not clicking on anything questionable until you verified that it is legit.
10 September 2005, 10:19 amSydney:
I love your blog! Its cool to look at AND to read. I've used paypal since it started so I just take anything I get in my email from them with a grain of salt. Its sad the number of scams there are out there involving both paypal and ebay but I just don't really pay attention to email from either place without actually signing into paypal or ebay myself to see if its for real.
10 September 2005, 5:58 pmPhill:
It seems rather stupid to me that the phishers actually put into the email that you should not enter your details anywhere other than paypal.com, which made me laugh, as that is what they want you to do! And the moral of this email is to always read the whole thing…less aimless clicking!
11 September 2005, 8:33 am