Buyer Beware (sorry in advance for the length): I received an email Monday I thought was from PayPal ("[EMAIL PROTECTED]" <[EMAIL PROTECTED]>) asking me, by name, to confirm my account info since it'd been "a relatively long time since" I'd last logged into PayPal. It listed the last 4 digits of my credit card on file with PayPal and included the correct expiration date. When I clicked on the "Click here" link and entered my email addr and PayPal P/W, I decided to update my card info since I'd gotten a new one recently with a later expiration date and a new Card Verification Number (3 digit code on back of card).
Once I hit submit, I took a peak at the URL to watch it update and I noticed the "s" was missing from the address I incorrectly assumed was secure (e.g., https://...). Before I could hit cancel the form was submitted. I contacted PayPal that day making inquiry into the post and the security (or lack thereof) of the web site I'd given my updated credit card info to. I including the link I'd gone to. They replied the next day that if the post started with "Dear First_Name Last_Name" it was definitely from PayPal. Since they did not answer my question regarding http:// vs. https:// I queried them a 2nd time (same response) and then a 3rd time. This time they looked at the URL (finally) and said 1) the post I received WAS NOT from PayPal and that the URL I'd gone to was not a PayPal web site. I've since canceled that credit card and changed my PayPal password. I know we hear a lot about ID theft and until this week I always thought it happened to the other guy. May your "before the fact" discernment of spoofed email be better than mine. Steve Kerney P.S. The bogus link was an underlined "Click Here" that pointed to "<http://www.paypalserv.com/us/cgi-bin/webscr.pl?cmd=_update-card&customer=a c404341u34u%3ASbvfnvh%3AKvdhv6%3At%3A42t4%3A34%3A4t%3Acbv9vkvdhv6%21vzdbnjmh k.hvb&encrypt=1&crc=6911> <http://www.paypalserv.com/us/cgi-bin/webscr.pl?cmd=_update-card&custome r=ac404341u34u%3ASbvfnvh%3AKvdhv6%3At%3A42t4%3A34%3A4t%3Acbv9vkvdhv6%21vzdbn jmhk.hvb&encrypt=1&crc=6911>" They then had a 2nd bogus link masquerading behind what looked like a good link. Check this slight of hand trick out: https://www.paypal.com/us/ <http://www.paypalserv.com/us/cgi-bin/webscr.pl?cmd=_confirm-by-number&cn=96 93-6353-5498-3433-1531&[EMAIL PROTECTED]&id=us0401035105> -- G-Books is sponsored by <http://lowendmac.com/> and... Small Dog Electronics http://www.smalldog.com | Refurbished Drives | -- Check our web site for refurbished PowerBooks | & CDRWs on Sale! | Support Low End Mac <http://lowendmac.com/lists/support.html> G-Books list info: <http://lowendmac.com/lists/g-books.html> --> AOL users, remove "mailto:" Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/g-books%40mail.maclaunch.com/> --------------------------------------------------------------- >The Think Different Store http://www.ThinkDifferentStore.com ---------------------------------------------------------------