What a nasty experience, Steve. :(
However, eBay and the like are always telling us that they never ask us for secure information by email. I have had countless similar attempts at phishing from banks and I just delete them without opening. If in any doubt, ring the organisation first and don't put up with someone in a call centre - ask for a supervisor or someone senior who will know what is going on. I do hope there were no repercussions from what happened.
Susan
Swindon, Wiltshire
England


On 6 May, 2004, at 04:41, G-Books wrote:

Date: Wed, 05 May 2004 22:48:43 -0400 Subject: OT - Spoof Warning From: Stephen Kerney <[EMAIL PROTECTED]> Message-ID: <[EMAIL PROTECTED]> In-Reply-To: <[EMAIL PROTECTED]>

Buyer Beware (sorry in advance for the length): I received an email Monday
I thought was from PayPal ("[EMAIL PROTECTED]" <[EMAIL PROTECTED]>) asking
me, by name, to confirm my account info since it'd been "a relatively long
time since" I'd last logged into PayPal. It listed the last 4 digits of my
credit card on file with PayPal and included the correct expiration date.
When I clicked on the "Click here" link and entered my email addr and PayPal
P/W, I decided to update my card info since I'd gotten a new one recently
with a later expiration date and a new Card Verification Number (3 digit
code on back of card).


Once I hit submit, I took a peek at the URL to watch it update and I noticed
the "s" was missing from the address I incorrectly assumed was secure (e.g.,
https://...). Before I could hit cancel the form was submitted.


I contacted PayPal that day making inquiry into the post and the security
(or lack thereof) of the web site I'd given my updated credit card info to.
I including the link I'd gone to. They replied the next day that if the
post started with "Dear First_Name Last_Name" it was definitely from PayPal.
Since they did not answer my question regarding http:// vs. https:// I
queried them a 2nd time (same response) and then a 3rd time. This time they
looked at the URL (finally) and said 1) the post I received WAS NOT from
PayPal and that the URL I'd gone to was not a PayPal web site.


I've since canceled that credit card and changed my PayPal password.

I know we hear a lot about ID theft and until this week I always thought it
happened to the other guy.


May your "before the fact" discernment of spoofed email be better than mine.

Steve Kerney

P.S. The bogus link was an underlined "Click Here" that pointed to
"<http://www.paypalserv.com/us/cgi-bin/webscr.pl?cmd=_update- card&customer=a
c404341u34u%3ASbvfnvh%3AKvdhv6%3At%3A42t4%3A34%3A4t%3Acbv9vkvdhv6%21vzd bnjmh
k.hvb&encrypt=1&crc=6911>
<http://www.paypalserv.com/us/cgi-bin/webscr.pl?cmd=_update-card&amp; custome
r=ac404341u34u%3ASbvfnvh%3AKvdhv6%3At%3A42t4%3A34%3A4t%3Acbv9vkvdhv6%21 vzdbn
jmhk.hvb&amp;encrypt=1&amp;crc=6911>"


They then had a 2nd bogus link masquerading behind what looked like a good
link. Check this slight of hand trick out: https://www.paypal.com/us/
<http://www.paypalserv.com/us/cgi-bin/webscr.pl?cmd=_confirm-by- number&cn=96
93-6353-5498-3433-1531&[EMAIL PROTECTED]&id=us0401035105>



------------------------------

In-Reply-To: <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
From: Richard Bae <[EMAIL PROTECTED]>
Subject: Re: OT - Spoof Warning
Date: Wed, 5 May 2004 20:11:42 -0700

Good to let everyone know, this has been running around for some time.
I've received it a few times and realized it was a fake when I was
getting the same message to an e-mail account I don't have a paypal to.
  Also there's been a similar one running around that looks like its
from eBay asking for your username and password.  Basic rule of thumb,
NEVER provide your password, credit cards and any other sensitive
information through e-mail no matter how legitimate it looks, places
like eBay and paypal will only deal with information through their
secure servers on the site.


-Richard Bae


--
G-Books is sponsored by <http://lowendmac.com/> and...

Small Dog Electronics    http://www.smalldog.com  | Refurbished Drives |
-- Check our web site for refurbished PowerBooks  |  & CDRWs on Sale!  |

     Support Low End Mac <http://lowendmac.com/lists/support.html>

G-Books list info:      <http://lowendmac.com/lists/g-books.html>
 --> AOL users, remove "mailto:";
Send list messages to:  <mailto:[EMAIL PROTECTED]>
To unsubscribe, email:  <mailto:[EMAIL PROTECTED]>
For digest mode, email: <mailto:[EMAIL PROTECTED]>
Subscription questions: <mailto:[EMAIL PROTECTED]>
Archive: <http://www.mail-archive.com/g-books%40mail.maclaunch.com/>



---------------------------------------------------------------
The Think Different Store
http://www.ThinkDifferentStore.com
---------------------------------------------------------------




Reply via email to