email access to your PP and bank account fraud

jackknifeh · #1

For those who aren't aware of this.

I got an email supposedly from paypal that said I needed to update my profile for my protection. THERE WAS A LINK BUTTON WITHIN THE MESSAGE TO TAKE ME TO THE PAYPAL LOGIN SCREEN. I clicked it and logged in. Sure enough I was taken right to a screen to enter my name, address and bank account info. I got suspicious and closed the window. I called payal and was told they NEVER put links within the email message for these purposes. They suggested I change my password because the email DID NOT come from paypal. Also to contact my bank.

The paypal account was linked to my bank only with my debit card. I called the bank and suggested they suggested I canx the debit card and order a new one. I did.

Anyway, if you get an email with a link taking you to PP, your bank or something like that it is probably fraud according to my bank. Or, at least you should be suspicious and access the bank normally, not through the link provided.

I got lucky. If I had completed the profile update I would have given "someone" my bank info (rtr #, acct #, debit card #) and possibly the PP passwordd also.

Some of you may know about this type of fraud but I didn't so I posted it to help someone else possibly.

If I wasn't clear on something please ask about it.

Jack

rodloos · #2

Yep, it is a common phishing scam, I get emails all the time "from Verizon" with a huge amount due, as well as paypal and various other banks. The key is to always note what the link is. For example, the text of a link may say "http://www.paypal.com", but mousing over the link you can see that the actual url it is linked to will usually be some random website they hacked to host the faked login images. Another common tactic is to link to "www.some-site.com.www.paypal.com" -- if you don't look closely you might think that is the paypal web site, but the actual domain it will link to is the first one, "www.some-site.com".

Also common is emails from "Better Business Bureau" or an email claiming to be a "red-light citation" from New York. Always double-check any links in an email, and be very suspicious of any ".zip" file attachments.

My opinion of what ought to be done to spammers and scammers isn't fit to print on a family forum :D .

tonydahose · #3

I get those emails once in awhile. I forgot the address but can foward it to PayPal so they are aware of it. Then I click on the link and type in something very nasty about the person's mom as name and password.

jzmtl · #4

Yep, common scam, if you look at the actual address the link goes to it's not www.paypal.com, but something like www.paypal.scam.com, or www.scam.com/paypal.

jackknifeh · #5

I got tricked into a "work at home" scam a few years ago. When I found out about what it was I called the FBI (local office). They told me the one I got sucked into was ran by the Russian mafia. I know, there's no mafia. :) That's all they said. They didn't take a report because they said there were so many cases of this another report wouldn't do any good. I'm beginning to think there are dishonest people around.

Jack

Oofa · #6

I never, ever click on links from emails from any site that has my banking or personal information. I always type in the site name and enter that way. I don't even bookmark sites that have my banking info. I think that any secure site will have a lock in the top right corner and will be an https/ address instead of just an http/.

tonydahose · #7

Oofa wrote: an https/ address instead of just an http/.

what's the difference?

maa14 · #8

tonydahose wrote:what's the difference?

The "s" means it is a "secure" sight

jzmtl · #9

HTTPS has SSL encryption between your computer and server. However there's nothing prevent the scam site having it as well, so just take a look at the actual site address, the part after www. and before .com, see if it's the one you want. Alternatively never use the link inside email, type the address in your browser log in manually.

It is possible to spoof the DNS so even if you type www.paypal.com you go to scammer's site, but it's very difficult and not likely to happen unless you are specifically targeted.

The Deacon · #10

Got this one today. If nothing else, the "Dear PayPal Costumer" gave it away. :p

[CENTER]

[/CENTER]

FWIW, they can be forwarded to spoof@paypal.com although I imagine PayPal has seen plenty of them already.

tonydahose · #11

maa14 wrote:The "s" means it is a "secure" sight

Thanks.

Funny one Paul. They should have a class at scam school. English as a second language.

Sithus1966 · #12

When I get those I always forward them to PayPal. I have gotten ones for various credit cards companies to cards I don't have. I go to the card company web site to see if there is a forwarding e-mail I can use to send them onto them. I also like to mess with the scammer people by giving them incorrect CC numbers and stuff, just to screw with them.