Moneymoneypaypalphishingscam

Thu Mar 9, 2017, 09:55 AM

For those who use PayPal, be on the alert for phishing.

I just received an email supposedly from PayPal warning that some unusual charges had been detected on my account. There was a link provided so I could check my account and update my PayPal info.

This is more than likely a scam. If you receive a similar email, never click through on the link provided. If you want to check the status of your account, open a new browser window and log into your PayPal account from there.

I always forward these emails to spoof@PayPal.com and let them deal with it. Then delete the suspicious email.

5 replies, 334 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 5 replies Author Time Post
Reply For those who use PayPal, be on the alert for phishing. (Original post)
News2Me Mar 2017 OP
Juan Rico Mar 2017 #1
Scary Red Mar 2017 #2
News2Me Mar 2017 #3
cologeek Mar 2017 #4
762Justice Mar 2017 #5

Response to News2Me (Original post)

Thu Mar 9, 2017, 09:58 AM

1. I've gotten a number of those over the years.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to News2Me (Original post)

Thu Mar 9, 2017, 10:03 AM

2. I get those, and I gotta say the bastards are getting better at it...

Used to be you could tell by the misspellings, but now they look real.

They still haven't gotten the reply address right, and if you peek at the url at the link it has some spoofiness that might have "paypal" in it, but ain't paypal.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Scary Red (Reply #2)

Thu Mar 9, 2017, 10:06 AM

3. Yes, they have improved over the years. It was easier to spot them before.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to News2Me (Original post)

Thu Mar 9, 2017, 02:17 PM

4. I never click on the link to any email that purports to be from a site I do business with.

I'll always check in using saved links and go from there. I feel safer doing it that way.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to News2Me (Original post)

Fri Mar 24, 2017, 08:17 PM

5. It's a constant worry.

That is excellent advice to not click links in email. Go to the site from a known good bookmark, enter it manually, or google the company name and use the official page.

Other trending items are zipped javascript files acting like documents, and MS Office type documents are still quite popular as vehicles for malicious macros. Recent trends in Email subjects have been Subpoenas,Invoice number XXXXXX, Divorce Papers, Missed deliveries, and Problems with Amazon orders. They are quite effective. When we perform phishing tests against companies, we have reasonably good click through rates.

There are a few easy things you can do to help yourself at little or no cost:
Use OpenDNS; https://support.opendns.com/hc/en-us/categories/204012907-OpenDNS-Device-Configuration
OpenDNS will stop your device from being able to resolve names for servers that are known to host malware or be phishing targets, preventing you from getting there. Last I checked, personal use was free.

Run a realtime scanner: Malwarebytes premium is not bad, and is not overpriced. The stuff that comes with Windows is ok, but does miss a lot. All solutions will miss some things, but you just want to get closer to the goal.

Password reuse: Using the same password all around the Internet is asking for trouble. Login credentials are stolen all the time. You don't want the password for the forum you use once in a while to be compromised, and have it work easily for your online banking or medical logins. Using a password manager like Dashlane or Lastpass will help you keep track of multiple passwords, and keep important passwords changed every 3-6 months. I crack a lot of passwords as part of my work, and people are terrible about creating and managing them.

Think before you click.

For those more technically inclined, but not deep into the Internet security end, feel free to post here, and I can let you in on some great stuff you can do for free, if you want to spend the time on it. There are unified threat management systems that can protect a whole household for free, and do a very good job of it, but do require some technical abilities to set up.

Reply to this post

Back to top Alert abuse Link here Permalink

Moneymoneypaypalphishingscam