Pay Pal Scam (best one yet)

[Melensdad]

Hey folks, I get about as many scam emails as everyone else, but this is the best, most authentic PayPal scam I've ever gotten. In fact it is good enough that I was scratching my head and really wondering about it.

(now I should point out that 3 of my co-workers have access to a PayPal account that my company uses to buy electronics, etc for business purposes so it is not uncommon for me to recieve confirmation about something I bought but that I personally did not buy because all the confirmations come to one of my email addresses . . . which is the same email address that this scam arrived in)

 

[Gatorboy]

This should cause you to visit the website (this case paypal.com) directly and NOT, and I repeat NOT click any link in an email.

I don't get any spam email because I use spamarrest.com -- costs something like $40/year, but it's worth it (to me).

 

[Melensdad]

In fact I was never tempted to click the link, but I did wonder if it was real. After I thought about it and couldn't figure what the heck it was, I went to the PalPal site to confirm that the email was a scam.

But I can see a lot of people would fall for this one!

 

[JayC]

Does it normally say Unconfirmed for Address Status when ordering something? That just seems a little odd to me. I never used PayPal so I don't know if that is normal or not.

 

[DaveNay]

This should cause you to visit the website (this case paypal.com) directly and NOT, and I repeat NOT click any link in an email.

I don't get any spam email because I use spamarrest.com -- costs something like $40/year, but it's worth it (to me).

If you don't want to use a service like gator mentions, you can usually just place your mouse pointer on top of a questionable link in an email, but do not click on it. This will show you the address (usually somewhere near the bottom of your email application), and if it does not go directly to http://www.realcompany.com, then it is definitely bogus. If it goes to a numerical IP address, or has a bunch of random looking alpha-numeric characters, then just shit-can it.

 

[Melensdad]

Does it normally say Unconfirmed for Address Status when ordering something? That just seems a little odd to me. I never used PayPal so I don't know if that is normal or not.

There are two types of shipping addresses on PayPal, confirmed and unconfirmed. Both are normal. But an unconfirmed address would be someone who has, by choice, asked to have a product shipped to a different location other than their confirmed address. Or it could be someone who is new to PayPal or has very little use of the Pay Pal system.

I believe that some folks, who are a bit more niave about PayPal might see the unconfirmed address and think of it as a red flag. If a buyer specifies an unconfirmed address some sellers (typically of high $ items) will not ship to an unconfirmed address, but in this case the supposed seller is the one with an unconfirmed that is something that probably would make people believe the supposed seller is scamming them and make it more likely they would click on the link.

To my way of thinking an unconfirmed address of a shipper is a red flag that this is a scam because a legitimate seller would very likely (98+% of the time?) have a confirmed address.

 

[Dargo]

I've gotten that exact same email before. At first I thought that someone had hacked my account. However, since I'm always assuming that these emails are frauds, I just clicked over to my web browser and logged into PayPal directly to check my account. Obviously there was no unauthorized activities there. It was only then that I noticed the nice bold "dispute transaction" button prominently positioned at the bottom of the email. Well, how nice of them to know that I'd want to dispute this charge that I obviously didn't make!

By the way, I do use spam filters and subscribed to the aforementioned spam prevention service before but spam still got through after a while. When I contacted the service they told me that there is no way they can stop 100% of the spam without taking the chance of removing legit emails. So, I dropped that. It seems that I get the same annoying "stock tips" spam emails and other assorted crap. In general, if I don't recognize the sending email address I only spend about 2 seconds looking at the email before it gets dumped.

 

[JimR]

I got one like that recently also. My email was for a Sony Digital camera for $390.85. I decided to have some fun with the jerk. I logged in using a really bad (filthy) name and really bad (gross) password. It them sent me to Paypal. I forwarded the email to spoof@paypal.com
They can track the scumbag and deal with him.

 

[Snowcat Operations]

BOB did you send it to spoof?

 

[OkeeDon]

I don't get any spam email because I use spamarrest.com -- costs something like $40/year, but it's worth it (to me).

I should probably start another thread about this.

Gatorboy, I love the idea of spamarrest, but I'm a tightwad. However, I subscribe to a web hosting service that offers a lot of bonuses and perks. One of them is an email service with the generic name, "box trapper". I looked into it, and it is an identical service to spam arrest, but it takes place on your own server and is free (as long as your hosting service offers it, of course). It works great -- I have it set up on all my email acounts, except one general account I use when subscribing to forums, and such. There are some legitimate services which just can't accomodate the human aspect of the email trapper.

Dargo, I'm willing to bet that it was some other spam service with a similar name you tried. Properly set up, there is no way that machine-generated spam can get through spam arrest or box trapper. If the spam operators can afford to actually pay someone to go through and 'legitimize" the sending address, then they can get through. But, there are so may other "open" email addresses that it just seems unlikely that anyone would go to the trouble just to defeat a few folks with a trap.

For those of you not familiar, spam arrest or the generic box trapper I use work like this: An email arrives at the server. In the case of spam arrest, it first goes to their server and is tested. In my case, it's tested on my own email server.

If the sender's address appears on a "white list" of approved senders, the email goes through. If the name appears on a "black list" of unapproved senders, the email dies. If the sender's name is on neither list, the trapping service prepares an email back to the sender. This email asks the sender to confirm they exist. When they take the required action, it notifies the trapping service that a human at a legitimate address sent the first email, adds their name to the white list, and allows the original email to go through. All this is automatic at your end; the only downside is sometimes a legitimate email addressed to you gets delayed until the sender replies, and occasionally you never see the email because the sender did not open his mail and see the "prove it" response. Both are a small price to pay for getting virtually no spam.

Of course, you can manage your lists, yourself. You can add a sender's address to the white list so they never see the "prove it" email, and you can add a sender's address to the black list. In the unlikely event that someone actually wastes their time to add a spammer's address to a white list, you can do two things -- you can delete it and add it to the black list, and you have a legitimate address at the spammer's end with which you might have some fun, if you're so inclined.

You can get the service at a fee at the link posted by Gatorboy, you can search for other spam trapper services (I don't know if there are any), or you can search for a hosting service that offers the box trapper as part of the service. I know that Doc offers hosting; I don't know if his email service includes this perk. I won't mention mine publicly because I don't want to undercut Doc.

 

[California]

... place your mouse pointer on top of a questionable link in an email, but do not click on it. This will show you the address (usually somewhere near the bottom of your email application), and if it does not go directly to http://www.realcompany.com, then it is definitely bogus.

Yeah. Here's this morning's version of phishing for an ebay password. Already forwarded to spoof@ebay.com.

I've stripped the html formatting so this looks ugly but you can see how it works, some real ebay screens along with junk that will send the data you enter to zsxc.us. (whatever that is).

Received: from psmtp.com [64.18.1.219] by [[my isp]]
Received: from source ([64.90.188.205]) (using TLSv1) by exprod6mx165.postini.com ([64.18.5.10]) with SMTP
Received: from root by peroxid.com with local (Exim 4.52) id

Subject: Security & Resolution Center
From: <aw-confirm@ebay.com>
Message-Id: <E1FWsQD-00022Z-T0@peroxid.com>

X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1 r p m c
X-pstn-addresses: from <aw-confirm@ebay.com> forward (org good) [db-null]

Content-Type: multipart/mixed; boundary="=======AVGMAIL-444A4F723573======="

src="http://pics.ebaystatic.com/aw/pics/securityCenter/src/hdrS&RC_649x75.gif"

To update your eBay records on file now click here:

A target="_blank" href="http://secure.ebay.com.zsxc.us/SignIn/ws2/SignIn.html"
size=2 https://signin.ebay.com/saw-cgi/eBayISAPI.dll?SignIn&UsingSSL=1

Once you have completed the process your eBay session will not be interrupted and your online experioence will continue as normal.

To change your communication preferences, target="_blank" href="http://secure.ebay.com.zsxc.us/SignIn/ws2/SignIn.html"

target="_blank" href="http://pages.ebay.com/help/community/png-priv.html" Privacy Policy ... and target="_blank" href="http://pages.ebay.com/help/community/png-user.html" User Agreement