« Bike for Sale - One more try | Main | 3 and half sleepless nights in Seattle »
August 21, 2005
Spam
I received an email today from paypal, telling me that there was some strange behavior on my account, and I should click on a provided link to verify some information.
It was so real, even the return addresses seemed authentic to me. But... there was a nagging voice in the back of my head telling me not to do it. I opened Mozilla and logged onto paypal directly. There where no messages, no warnings, nothing to indicate that something was wrong. There was a message saying to be aware of spoof emails, and if I received a suspected spoof I should forward the message to paypal.
So, I forwarded the message and a short time later I received the following from paypal:
Dear Peter Madsen,
Thank you for writing to PayPal regarding the email message you received
that appeared to be from eBay.
As you may have already suspected, this email was not sent by eBay.
These emails, commonly referred to as spoofs, are sent by fraudulent
sources posing as eBay in an attempt to collect sensitive financial
information or passwords.
Please know that PayPal and eBay is committed to the security of our
sites and our members. We review every report we receive and forward all
vital information on to the appropriate authorities for further action
and tracking. We work actively and aggressively in partnership with many
agencies, ISP's and law enforcement groups to support their
investigation of these fraudulent entities. As a public company, we rely
on the same agencies you do to pursue these fraudulent activities. You
may also wish to contact your ISP or email service provider for further
information or instructions.
Now that you have received a spoofed email, your email address has been
collected by a fraudulent source. As a result, you may continue to
receive spoofed emails for some time as these groups move from ISP to
web hosting sites setting up fraudulent email addresses, fake sites and
sending spoofed emails. PayPal and eBay has enacted several preventative
measures and increased information available on both sites help pages to
help educate our members in spotting fake emails.
In the future, we advise you to be very cautious of any email appearing
to be from eBay or PayPal that asks you to submit financial information
such as your credit card number or any type of password. As for eBay,
they will NEVER ask you for certain financial information such as
passwords, bank account or credit card numbers, Personal Identification
Numbers (PINs), or Social Security numbers in an email. All sensitive
information should be submitted on a secure page located on the eBay or
PayPal site.
If you have any doubt about whether an email message is from PayPal,
please forward it immediately to spoof@paypal.com. For eBay spoofed
emails, please forward those to spoof@ebay.com. Please do not respond to
it or click on any of the links in the email message. Please do not
change the subject line or edit the email in any way.
If you have already entered sensitive information as mentioned above,
you should take immediate action to protect your identity and online
accounts. If you only clicked on a link inside of a spoofed email, you
may also want to run a security scan on your computer. eBay has a help
page with valuable information regarding the steps you should take to
protect yourself. Below is a link to this page:
http://pages.ebay.com/securitycenter/index.html
Once again, thank you for alerting us to the spoofed email you received.
Your vigilance helps us ensure that PayPal and eBay remain a safe and
vibrant online marketplace.
Sincerely,
PayPal Account Review Department
PayPal, an eBay Company
So, I was right, but I am mad, because for one split second I thought the email was legit. I wonder how many people fell for this, and is there any way to stop these sons of bitches.
Posted by pmadsen at August 21, 2005 04:15 PM
