Received a spoofed email regarding my Paypal a/c this am, confirmed as spoof by Paypal. Headed wth the correct Paypal logo too.

Text below

<Dear valued PayPalŪ member:


PayPalŪ is committed to maintaining a safe environment for its community of
buyers and sellers. To protect the security of your account, PayPal employs
some of the most advanced security systems in the world and our anti-fraud
teams regularly screen the PayPal system for unusual activity.

Recently, our Account Review Team identified some unusual activity in your
account. In accordance with PayPal's User Agreement and to ensure that your
account has not been compromised, access to your account was limited. Your
account access will remain limited until this issue has been resolved. This
is a fraud prevention measure meant to ensure that your account is not
compromised.

In order to secure your account and quickly restore full access, we may
require some specific information from you for the following reason:

We would like to ensure that your account was not accessed by an
unauthorized third party. Because protecting the security of your account
is our primary concern, we have limited access to sensitive PayPal account
features. We understand that this may be an inconvenience but please
understand that this temporary limitation is for your protection.

Case ID Number: PP-040-187-541

We encourage you to log in and restore full access as soon as possible
Should access to your account remain limited for an extended period of
time, it may result in further limitations on the use of your account.

However, failure to restore your records will result in account suspension.
Please update your records as soon as possible!

Once you have updated your account records, your PayPal session will not be
interrupted and will continue as normal.

To update your Paypal records click on the following link:


https://www.paypal.com/****************


Thank you for your prompt attention to this matter. Please understand that
this is a security measure meant to help protect you and your account. We
apologize for any inconvenience.


Sincerely,
PayPalŪ Account Review Department



PayPal Email ID PP522


Accounts Management As outlined in our User Agreement, PayPal will
periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.
http://www.paypal.com/cgi-bin/*******************

8352006136474624-- >

I have just completed a transaction with PayPal and all went through OK but I find BOAC's post very alarming indeed. In fact, I think I recall having one many weeks ago and binned it. It was certainly asking for account details.

I would have thought that the onus is squarely on PayPal and they should accept that.

I'm on to them now to get a small amount of money in my account transferred to my personal account.

If the original sent to you was by E-mail, then it's almost guaranteed to be a phishing attack, and if you go to the link page, it will be used to steal your information, as it will be capturing the data after silently redirecting you to Paypal. That way, the owner/operator of the phishing site has all he/she needs to be able to access your account without your knowledge/approval

Paypal state clearly in their terms and conditions that they will NEVER ask you to click a link in a message from them, they always insist that you ONLY sign on to their system from your machine using the method you prefer, NEVER from a link in a message. THey may well communicate with you by E-mail, but never with a link to get to their site.

This sort of thing is unfotunately all too common, and it does NOT originate from Paypal, it is an attempt at fraud.

Another way to check.

Paypal know your name, and will address anything they send out to you personally, not as in this case, "Dear Paypal member", that's a dead giveaway that this is spam phishing.

Paypal is (as far as I can see, ) secure, I've used it for over 2 years with no hassles.

Absolutely, Steve, which is why it went straight to their 'abuse' department, but still worth reminding folk about, as I assumed it may be a 'new' wave of phishing.?

Pop - I cannot really see that PayPal should take any blame on this? It is happening more and more with banks etc and will always catch the unwary, which is presumably why it is done.

I've not had the Paypal one, but the Ebay version hits my mailbox most weeks.

The scary bit is that they have somehow got hold of the "different" address I use only for Ebay.

I forward them to Ebay, and also Spamcop them - just to be sure.

I think there must be a way to harvest ebay email addresses, because i've had my dedicated ebay address acquired somehow and now I get ebay and paypal phishing email most days.

Mine was a bit of a 'doddle'as they used the wrong email address..............

Having had several "communications" from "ebay", requesting account details, I got sufficiently fed up to trace the web domains.

From the email header, and also from the domain names in the links, I found the owners of the domain name and forwarded the information to the domain name registrars with a complaint and also to ebay to investigate.

At work I've had ones "from" various banks and credit card companies, but they are spectularly easy to spot as I have never had accounts with the banks they pretend to be from. More worryingly, I could find no way to communicate with the banks to send them copies of the fakes. They obviously really care!

SD

Hello, Saab, hope you're well.

I've traced a couple too - ebay couldn't care less, but I did get a "thank you" from an American bank (who offered me a meal for two at "Red Lobster", whatever the heck that is, in gratitude. Shame i'm on the wrong continent, but I assume I should appreciated the thought ). These days I can't be bothered.

As an aside, there's another development where people register typo'd domain names - www.PRRuNe.org, say - put up a look-alike website and then log your passwords when you try and log on. There's no phishing to get you there, and there's no obvious sign you're in the wrong place. I almost got caught that way with MBNA, because it's a very easy way for the imperfect touch-typer to get caught out.

I got the Paypal con job too. It did look pretty good. The thing that gave it away was that it was sent to the wrong address.

Let's say my name is Joe Bloggs. I have a domain joebloggs.co.uk and thus I can make up unlimited email addresses on the spot, of the form
*@joebloggs.co.uk

and for Paypal I have
[email protected].

Any email really from Paypal will have a To: header of
[email protected] - otherwise it's a fake.

The above is a simple and cheap way of protecting one's email address. Every website that asks for an email address is given a slightly different one, and if one of them gets sold to spammers, you just set up a killfilter on it

I did exactly that, on my own domain. The phishers got hold of the ebay123@joebloggs... address.

I've gotten a little sick of these phishing expeditions. The word "phishing" is disguising the true nature of the email and that is "attempted fraud". Ebay and paypal don't seem to do anything when you all report the email.

Now I send back a message that reads - "Fcuk off and die".

I understand why, but you are just confirming to the spammers/phishers that your e-mail address exists, is live, and the e-mail is read - thus confirming its place on the spam lists.