luigi524td

If you use Paypal and receive an email that you may be using an out of date browser - the email looks legit ... BUT IT'S NOT FROM PAYPAY!!


Don't click through the link or your paypal account may be hijacked!!


You can send the email to spoof@paypal.com so they can investigate the issue!

Cwest

I got that email also... :thumbsdown:

DKNewYork

I got that too. I just went on my Paypal account and check if I got any messages or something. Ignored and deleted the email.

DD_545i

The key to spotting these phishing mails is whether they know your name. If they say Dear Account Holder or Member, it's a scam. Only if you see your name and/or partial or whole account number (if relevant) can it be genuine. My credit card company emails always have my first name after the Dear and show the last 4 digits of my account. Then of course there's the links in the mail. Mouse-over before clicking and usually in the lower left corner of whatever program you're using (Outlook, Thunderbird, Web-browser) you'll see the link that you would go to if you clicked it. Anything other than the normal address is suspect. You can always right-click on the link and copy it and paste it into the address bar of your browser for a closer look (but don't "paste and go" which the latest versions of most browsers offer). Last thing is that as DK said above, go to your account independently (without clicking any of the email's links) in your usual way - probably via a bookmark/favorite in your browser. If there is some kind of problem, they'll tell you when you login. Either via a message that requires you to acknowledge it before you can proceed, or by something unread in your account inbox. If in doubt (and you should always be in doubt) don't click it.

If anyone doesn't know, what these scams usually do is try to scare you (in their emails) into clicking on what you assume is a link to the real site but is actually a link to their fake site. When you get there, it will look completely genuine. It takes just a couple of minutes to setup a site that looks identical to a real one. On reaching the site, they'll ask you for your user id and password and nothing (much) will look out of the ordinary. After entering your password, they might display a message something like "Error, you entered a wrong password" and after clicking on OK, they'll actually send you to the real site where you enter it again (apparently properly) and you're in. You've been led to believe you entered it wrongly once and then second time it was good. In actuality, you gave your user id/password to a fake site who then sent you onto the real one for your "second" attempt. The reason they do it like this is because if they didn't give you a fake login error, then they'd be faced with the prospect of you wanting to find stuff - like an account balance. They don't have any of that info, they don't have the whole back-end system that can really service your requests. The whole reason for their site to exist is to get your id/password. Once they've got that (and logged it) they're done. The fake error/redirect is the classic seemingly harmless to the user way out.

Some tips: If the site you visit shows a "last logged in" time or "login failed" (which one of my accounts does) think about it for a second. Was that the last time you logged in? Did you have a login fail at any point? When you are at what you hope is your real site, do you see a padlock in the lower right corner of your browser? Does it show https in the address bar? Is the address bar (or a section just before the address bar) coloured green? These are all signs of it being genuine.

Then there's ATM scams and fake virus warnings. Don't get me started on them. I'd be here all day.