Classic PayPal E-Mail Scam
So you get an e-mail out of the blue that says something like:
PayPal is committed to maintaining a safe environment for its community of customers. To protect the security of your account, PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity.
We are contacting you to remind you that on 16 March 2006 our Account Review Team identified some unusual activity in your account. In accordance with PayPal’s User Agreement and to ensure that your account has not been compromised, access to your account was limited. Your account access will remain limited until this issue has been resolved.
To secure your account and quickly restore full access, we may require some additional information from you for the following reason:
We have been notified that a card associated with your account has been reported as lost or stolen, or that there were additional problems with your card.
This process is mandatory, and if not completed within the nearest time your account or credit card may be subject for temporary suspension.
To securely confirm your PayPal information please click on the link bellow:
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run
We encourage you to log in and perform the steps necessary to restore your account access as soon as possible. Allowing your account access to remain limited for an extended period of time may result in further limitations on the use of your account and possible account closure.
For more information about how to protect your account please visit PayPal Security Center. We apologize for any incovenience this may cause, and we apriciate your assistance in helping us to maintain the integrity of the entire PayPal system.
Thank you for using PayPal!
The PayPal Team
Welcome to the classic PayPal e-mail scam. These types of messages are sent out blindly to millions of e-mail addresses every day in hopes that folks will bite. If you actually have an active PayPal account, your first reaction might be to quickly click the link and log in. Not so fast! There are two ways you can see if it’s a scam.
1. Place your mouse over the URL linked in the e-mail and look at your browser toolbar. In this case, the URL actually went to www.rabiskisomething.com/webscr/login.html, and not to the legit-looking paypal.com URL displayed in the message.
2. Check whether the message came to an address you’re sure is not one you use for your PayPal account.
On a related note, if you have a site or access to any service that allows you multiple e-mail addresses, it’s probably a good idea to create a unique e-mail address especially for your PayPal account that is not published ANYWHERE that spam bots can get hold of it.
When in doubt, always use your bookmarked link or type in the URL yourself to go to a site. This goes not only for PayPal but for any e-mails you get from your bank, credit cards, etc. As seen above, just because the displayed URL looks legit doesn’t mean the link really goes to that location. If there is a legit issue with your account, it should say so when you log in.
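The hover check from step 1 can also be run automatically over the HTML body of a message. The following is an added example, not part of the original post: it lists every link whose displayed text looks like a URL but whose real target is a different host. The sample message is constructed from the e-mail quoted above, and the `http://` scheme on the real target is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkAuditor(HTMLParser):
    """Collect (displayed text, real href) for every <a> in an HTML e-mail body."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:      # only record text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    # Displayed text often has no scheme ("www.paypal.com/..."); prefix "//"
    # so urlsplit still treats the first component as the host.
    if "://" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def mismatched_links(html_body):
    """Return (displayed host, real host) for links that show one site but open another."""
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    return [(host_of(text), host_of(href))
            for text, href in auditor.links
            if text.lower().startswith(("http://", "https://", "www."))
            and host_of(text) != host_of(href)]

# Constructed sample: displayed URL and real target as described in the post.
SAMPLE = ('<p>To securely confirm your PayPal information please click on the link bellow:</p>'
          '<a href="http://www.rabiskisomething.com/webscr/login.html">'
          'https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a>'
          '<p>Visit <a href="https://www.paypal.com/">PayPal Security Center</a>.</p>')

if __name__ == "__main__":
    for shown, actual in mismatched_links(SAMPLE):
        print(f"displayed host {shown!r} but link goes to {actual!r}")
```

Links whose visible text is a label rather than a URL, such as "PayPal Security Center", are not compared, so this covers only the displayed-URL trick described here.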
Should PayPal do more? Last I checked, they had a page with security tips in the bottom left corner of the menu. It’s good. However, I think something more effective would be forcing everyone who signs up for an account to view a page before accessing their account, similar to how sometimes you’ll log in and there is a new Terms of Use you have to read and agree to before proceeding to your account page. It could just be brief reminders of the scams, forcing everyone to view it for a certain number of logins or until they clicked a box making it go away. I think this would really help users, especially new users, know that there are scams out there which look very legit and how not to fall for them. That matters even more if you have your account linked to your bank account. Don’t be a victim.
