PayPal, Phishing and Identity Theft
March 26, 2008
There’s a lot of emails circulating around pretending to be from Paypal. I’ve gotten a few of them lately. I know they’re fake before I read them because I have a special Paypal email address that I don’t use for anything but Paypal. The phishing emails came to the wrong address. The only reason I read them is to see what scammers and identity thieves are up to and report it here.
They look very convincing and are designed to make you think there’s a big problem with your account that you need to take care of right away. They even gave me a reference number to track the ‘unusual charges to a credit card linked to my Paypal account’. Wasn’t that nice of them?
There’s even a little ‘tips’ box in the email telling me to never give out my Paypal password to anyone. They’re trying hard to convince me this is a real email from Paypal because they tell me to open a new browser window and to type in http://paypal.com to "be sure I’m on the real PayPal site."
Then there was a very noticable link for me to click on. The problem with that link is that is doesn’t go anywhere near to the Paypal website. It goes to : paypal.com.3ifjmk.cn. It has a little other bit of gobbledy-gook thrown into the address to confuse you. The actual site it’s going to is 3ifjmk.cn. That paypal.com business at the beginning is meaningless.
If you clicked on that link and logged into ‘your account’, you’ll have instantly given an identity thief your PayPal password. Now they have access to your bank account and credit card account that’s linked with PayPal. You’ll get your cash wiped out in seconds – literally.
So here’s the official YourIdentitySafe policy on emails: Never Click on a Link in an Email that Asks You To Login To Your Account.
If you feel you’ve got to go check out your account, do it your usual way by typing in the address directly in your browser window. The best thing to do is delete the email and forget about it.