Sophos Cloud Optix
Have you received a notification claiming that your PayPal email address has changed?
Messages like the following have been spammed out to internet users:
Subject: You have changed your PayPal email address
Attachment: Personal Profile Form - PayPal-.htm
Message body:
Dear PayPal Customer,You have added [EMAIL ADDRESS] as a new email address for your Paypal account.
If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.
NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)
Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
If you choose to ignore our request, you leave us no choice but to temporary suspend your account.
Sincerely, PayPal Account Review Department.
Attached to the email is an HTML form (Personal Profile Form – PayPal-.htm), that requests you enter your personal information.
Of course, the email is not really from PayPal (who would never send you an HTML form via email anyway), and any information you enter will soon be in the hands of phishing cybercriminals.
PayPal is one of the most phished brands on the internet, as unlike traditional banks it has a truly global presence increasing the chances of a scammer successfully hooking a victim when they spam out their attacks en masse.
To its credit, PayPal offers advice about phishing on its website, and has even created a “Can you spot phishing?” challenge to help educate its users about the dangers.
The PayPal website asks that if you receive a spoof email to forward it to their security team.
Make sure that you take care when receive unsolicited emails, seemingly from PayPal. It could be that in your haste to fix a security problem you are handing your credentials over to a criminal.
I think another hint that it's a real email from Pay Pal is that they use your registered name in the heading. "Dear Pay Pal Member" should raise the red flags.
I've received several spoof PayPal messages. The most recent was telling me about a recent transaction with Skype and suggesting that I may wish to visit the Resolution Centre to challenge it. The link, of course, was phoney. But the message was very good; it really DID look like a message from PayPal.
The first give-away, of course, was the lack of a personal salutation. Then a quick look at my account showed that there was no such transaction. I forwarded all the messages to PayPal, as they request.
I wasn't born yesterday, so my first thought is to be suspicious. But, as I said, this was a very well-made spoof. I bet out of every hundred of the thousands or millions that are sent out one will hit home and net the scammer the details he's after.
Another give away is poor grammar. Notice this paragraph 'If you choose to ignore our request, you leave us no choice but to temporary suspend your account.' It should have been '….temporarily' instead of temporary. Definitely unprofessional.
yes, and if you just forward the email to spoof@paypal.com, it can help paypal with their security.
One way to combat plishing emails like this is to only use a specific email address for PayPal and other sites that need high security.
If the notice doesn't come from that email address then it is plishing email.
None of the banks or credit cards I deal with have an email address for me. Another precaution I take.
I've gotten these many times. Just mouse over the supposed PayPal.com link and it goes to carenchaffee.com … not PayPal.com. Normally I just delete these but a friend just posted an article warning about the phishing to FB and the link to PayPal for reporting. Luckily I still had one of those emails in my delete box, so I just forwarded it to them. I get these things from Western Union and banks that I have no accounts in quite often. Never click on the links in the emails … just go to the real main site and see if there are actual messages online for you.
I haven't revived any such emails till now , Though thanks for awareness . Sunny
Got an email last night, addressed to someone i have never heard of! Spoke to PAYPAL and they asked me to forward it to spoof@paypal.com If these low lifes are going to try and rip people off at least try and get the basics right!
Spotted from a mile away with just one sentence……
If you choose to ignore our request, you leave us no choice but to temporary suspend your account.
Learn English first before you try to fraud people. [Expletive deleted.]
I gave just recently (this morning) gotten emails telling me that a new address, a new phone # and a new email address were all added to my account! I contacted paypal, but have not heard anything back.