PayPal Phising Attempt - Strike 3. You’re Out!
I received an email this morning that was purportedly from PayPal. It requested that I login into my account to confirm my account status information due to “suspicious activity”. The content of the email is noted below:
Dear PayPal Customer,
This email is to inform you, that we had to block your PayPal Account access because we had to upgrade our servers in order to remove online fraud.
Our terms and conditions you agreed to state that your account must always be under your control or those you designate at all times. We have noticed some unusual activity related to our servers that indicates that other parties may have access and, or control of your informations in your account.
Please follow this link to confirm your account access information :
https://www.paypal.com/us/cgi
Please be aware that until we can verify your identity no further access to your account will be allowed and we will have no other liability for your account or any transactions that may have occurred as a result of your failure to upgrade your account as instructed above.
Thank you for your time and consideration in this matter .
Sincerely,
PayPal Account Departement.
Deconstrunction of this scam follows…
First, if you examine the hyperlink closely, you would find that it does not link you to:
https://www.paypal.com/us/cgi
but “http://jbjasman.com/albums/a.htm”. Strike One. ***Do not go to this link, it is a phising scam to trick you into logging into Paypal, if you have a Paypal account and basically handing over your login name and password to individuals with nefarious purposes for your PayPal account.*** Second, if you examine the text of the email, you will notice several grammatical errors such as “we had to upgrade our servers in order to remove online fraud.” Stike Two. How might you remove online fraud? Yeah right, try again. Third, you will also notice “parties may have access and, or control of your informations”. I think have pretty good command of the English language and I don’t believe anyone who does would use the word “informations”. Strike 3, you’re out. Have a nice day!
In retrospect, we have the following lessons learned about email notices received from your typical online sources:
1. READ your email. If the text just doesn’t sound right, call the company to verify that it was sent by them.
2. Look before you leap. Verify that the hyperlink actually goes to the location the text says it does. The easiest way to do this without clicking on the hyperlink in Internet Explorer and Firefox is take your mouse and “hover” over the hyperlink and look to the bottom left of the browser window. If the status text in the bottom left of the window doesn’t match what is in the hyperlink or doesn’t remotely look legitimate, don’t click on it. In this intance, this should be reported to PayPal.
3. Just don’t do it. Never click on a hyperlink in an email.
Disclaimer: I take no responsibility for actions resulting from the information noted in this post. If you choose to go to the link above, you do so at your own risk. This post is to inform only.
