This article has nothing to do with genealogy. However, it contains information that I believe every Internet user should know.
A newsletter reader sent an e-mail message to me today with a statement that caught my eye:
"There was a problem with Paypal. They advised that someone had tried to access my account."
My first reaction is that the notice was bogus. PayPal never sends such messages.
If the “warning” was in the form of an e-mail message, and if that message had a return address of PayPal, the return address probably was forged. The message undoubtedly was not sent by PayPal. It was sent by a rip-off artist trying to gain access to your account. PayPal never sends such messages.
To read PayPal's description of how to detect forged messages claiming to be sent by PayPal, click here: http://tinyurl.com/eogn32.
Sadly, I have a lot of experience with such messages. My e-mail address is posted in many places on the Internet and, as a result, I receive 500 to 1,000 spam messages per day. Luckily, my spam filter deletes most of them.
If I take the time to look at these spam messages, I always see dozens of messages per day claiming to be from PayPal or from various banks or credit unions. Many of them claim to be from from banks I never heard of, telling me of problems with "my account." A few of them are even from banks in foreign countries. All of them claim that I need to go to some site or other and enter my user name and password in order to straighten out my account.
The excuses vary widely: someone tried to access my account, "foreign" activity, a system crash, a security upgrade was installed on the bank's or credit union's server, etc.
All of these messages are bogus. Banks and credit unions and PayPal never send such messages.
Return addresses are very easy to forge. In fact, all those messages are sent by rip-off artists and the sites they send me to are not owned or operated by the bank or credit union or by PayPal. The sites are run by the rip-off artists. All the rip-off artists want is for me to enter my real user name and password for that bank or credit union or PayPal so that the rip-off artist can see my account information and then later log in and drain my account.
I ignore all such messages. I suggest that you do the same.
If you receive a message from a bank or credit union or from PayPal asking you to go to some site and enter your user name and password, never click on a link in the message. Period.
If you have a question or if you wish to verify the claimed problem, call the bank or credit union or PayPal on the phone. I bet I know what they will tell you but it is even better if you hear it for yourself.
Actually, PayPal asks that all bogus emails be forwarded (with headers) to their spoof @ paypal dot com address as they do try to shut them down and probably also keep the emails for court if it gets to that.
Posted by: Cheryl | December 10, 2008 at 11:09 PM
The first hint that an email is bogus is that it days "Dear PayPal User." If it was from PayPal, they know your name and will address it to you!!
Also if you really feel that you need to sign on and check your account - DO NOT click on the link that you will be given. That will take you to a site such as www.paypal.com.joesspoofsite.com.hk/Ill_take_all_your_money.html. But instead open your browser and go to the website and sign on as you usually do.
Posted by: Peter Fear | December 11, 2008 at 09:10 AM
My rule is, if I did not initiate the contact I don't respond. Same with phone calls.
Posted by: LarryN the LibraryN | December 11, 2008 at 03:55 PM
If you receive a phishing email, one that is "fishing" for your bank login information by directing you to a site that will mine your id and password, it should be forwarded to the government. The email addy for this is spam@uce.gov. I imagine they would be interested in a phishing expedition aimed at paypal, as it would allow access to either your c/c info, bank account info, or both.
Posted by: Glenda | December 13, 2008 at 12:29 AM
I use a great shareware program called Mailwasher that allows me to examine my messages BEFORE I download them from my ISP into my email program on my PC. I can examine the full header and the true email address behind any 'forged' email address. I can add dubious email addresses (or whole domains) to a blacklist; I can bounce messages back to the sender to give the impression that my address is invalid; I can mark trusted messages from friends or mailing lists. Messages can be sorted by size, date/time, subject, sender, recipient. Great program. Easy to use. Cuts my spam to zero. Try it!
Posted by: Garry | December 16, 2008 at 08:55 AM