• Quick note - the problem with Youtube videos not embedding on the forum appears to have been fixed, thanks to ZiprHead. If you do still see problems let me know.

PayPal Scam?

Soapy Sam

Penultimate Amazing
S
Joined
Oct 23, 2002
Messages
28,769
I just received the following email.
The FROM address is PayPal (secure@intl2systems.payee.com)




Dear Valued User,

Our system has detected unusual charges to a credit card linked to your PayPal account.

Access to your account was limited for the following reason:

We have established that someone tried to access your PayPal account without
your permission. To ensure greater security, we have limited access to your account. We have sent
you an attachment which contains all the necessary steps in order to restore your account access.
Please download and open it in your browser.

(The locator for this reason is PP-882-562-109)

We thank you for your prompt attention to this matter. Please understand that this
is a security measure intended to protect you and your account. We apologise for any inconvenience.


Thank you,
PayPal Account Review Department

There is an HTML attachment which is a very convincing Paypal like screen.


Search PayPal Search



  • My Account
    • Overview
    • Add Funds
    • Withdraw
    • History
    • Resolution Centre
    • Profile
  • Send Money
  • Request Money
  • Merchant Services
  • Auction Tools
  • Products & Services

Profile Update

Secure Transaction
secure_lock_2.gif
pixel.gif
pixel.gif

Please complete the form below to update your Profile information and restore your account access.
Personal Information Profile

Make sure you enter the information accurately, and according to the formats required.
Fill in all the required fields.

pixel.gif
Card Holder Name:
pixel.gif
Date of Birth:

Credit/Debit Card Profile

Enter card information as accurately as possible.
For card number, enter numbers only please, no dashes or spaces.

pixel.gif
Card Number:
pixel.gif
Expiration Date:
pixel.gif
Card Verification Number: Help finding your Card Verification Number
pixel.gif
PIN:

Required Field
pixel.gif


For your protection, we verify credit card information.
The process normally takes about 30 seconds, but it may take longer during certain times of the day. Please click Save Profile to update your information.



I assume this is a scam, but it seems a more credible effort than most.
 
Last edited:
Not sure, but Paypal does legitimately limit access when it thinks something is fishy. It happened to me twice when I was overseas so the requests to spend money came from strange IPs. Go to your Paypal account then click on "Resolution Services" in the menu bar. That will tell you if they really have an issue. You can find the steps to resolve it there.
 
I've also had problems using PP from abroad.
Checking the account is my next step.:)
 
Why are they asking for your credit card PIN? They have no need for that

Norton doesn't seem to trust payee.com - if they were legit and connected to paypal I would have thought it would be a trusted site

Couple of alarm bells there
 
Looks like a scam to me. You have to enter a card and verify it to even have a fully functional account. I doubt they'd be asking all your detailed card information again, and DEFINITELY not via email. Scam. Forward it and the header information from the email to abuse@paypal.com.
 
I received almost the exact same email a few months ago. I *knew* it was a scam when I remembered that the email account I was reading was *not* the email account I use for PayPal. :rolleyes:
 
Last edited:
It's certainly a scam.
I can see how these things catch people out though.
Because I work abroad, Ithought Paypal would be useful.
In fact, I found because my account is UK registered, when I try to use it from my workplace it's invariably stopped because they suspect it's an attempted theft.

As a result, I'm "primed" to expect occasional inquiries from PayPal.
But not a request for card details, of course.

Anyway, I just checked my PP account. Nothing flagged there and no usage since I last used it in March.

While the request for data was an obvious alarm, I'm impressed by the quality of their entry form. It's quite convincing. Nostilted phrasing or poor spelling.

I didn't know about "Scambuster" . One to bookmark, methinks.
 
From PayPal's web site:

Should I trust that email?

An email from PayPal will: Address you by your first and last names or your business name
An email from PayPal won't: Ask you for sensitive information like your password, bank account, or credit card
(...)
t's also important to report the phishing email or spoof site as soon as possible in order to protect yourself-and to help your fellow members in the PayPal community.
Click to expand...

https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=security/suspicious_activity
 
I agree with the above - a genuine email from PayPal will always include your name.
 
hang on a sec ...

Since when did you think intl2systems.payee.com might ever be from Paypal?

Obvious scam. Even I can do a better forge than that one :)
 
Indeed and it was one of the first things I noted, but the attached page is pretty realistic in terms of appearance.
While 99% of folk would reject it 99% of the time, the individual in a hurry who has been primed (by whatever real experience) to expect a message from that site might fall for it once. Which is enough to give the creators a result.

My wife was caught by one supposedly from the Santander bank. It happened that she had just been asked, by Santander, to download securitry software. This was legitimate. They recommend securitry software from Rapport.
By coincidence, - or perhaps not- she received, the same evening, a scam message supposedly from Santander asking for password details. Only after she had actually filled and sent it did she realise the second message made no sense- and immediately froze the account. It's in that sort of situation these things catch people out.
 
Soapy Sam said:
Indeed and it was one of the first things I noted, but the attached page is pretty realistic in terms of appearance.
While 99% of folk would reject it 99% of the time, the individual in a hurry who has been primed (by whatever real experience) to expect a message from that site might fall for it once. Which is enough to give the creators a result.
Click to expand...

Right. Earlier this year, I received an email from "UPS" in my spam folder. I opened it because I actually WAS expecting a package from my Mom via UPS. I realized I didn't see my name in the email body and opened up the email completely - and saw that there were probably 20 email addresses in the "sent" line. Someone in a hurry (and less savvy about these kind of things) could easily have been tricked into opening the link in the text. :boggled:
 
Sounds like this may be an example of a Trojan horse.

For instance, the file you are asked you to download may then ask you to install and run it. While it may appear to be from a legitimate source (PayPal in your case), it may actually be a cleverly crafted look-alike site, that can collect your credit card information- if that's what it's asking you for.

Your credit card information can then go to whoever's behind the Trojan, whereby they may use it, or sell your credit card information for someone else to use how they see fit.

If your computer ever starts downloading a file you didn't intend, you should either quit the web browser, or if it won't quit- select 'force quit.' Then delete whatever started to download (from your download folder?).

Here's a good read from Carnegie Mellon's, Software Engineering Institute: CERT® Advisory CA-1999-02 Trojan Horses.
 
You must log in or register to reply here.

Back
Top Bottom