Beware prishing paypal attempts

I've had two emails so far today:

 

(1) New login from your account supposedly sent from: service@intl.paypal.com

 

    We need your help to resolve unauthorized activities

    Dear Customer,
   We just wanted to confirm that you've changed your password. If you didn't make this change, please check information in here. It's important that you let us know because it helps us prevent unauthorised persons from accessing the PayPal network and your account information.

   We've noticed some changes to your usual selling activities and will need some more information about your recent sales.

 

It should have your name not "Customer".

Sign on to paypal directly -- if the password works you know it's a prishing attempt.

Send the message (if possible with headers) to "spoof@paypal.com"

 

If you can look underneath at the raw data (easier for some mail programs than others) then you can look for suspicious details. In this case the email was from service@demspals.com. The important link in the message was to a short-URL (hiding where you were actually going).

 

...

 

(2) Your recent transaction has been declined supposedly sent from: service@intl.paypal.com

 

   We need your help to resolved your account

   We've noticed significant changes in your account activity

   Dear Client,
   We wanted to let you know your account has been limited because we've noticed significant changes in your account activity. As your payment processor, we need to understand these changes better. for this we limit the activity on your account, until this issue is resolved.

   Log in to your account and provide the requested information. If we don't receive this information, we will be unable to remove this limitation. Once we receive and review your documentation, we will email you regarding the status of your account.

 

As with the first email, does not have your name (this time they go with "Client"). The actual email it comes from is a fake: mamadede@eaypals.com.  The important link in the message was to a short-URL (hiding where you were actually going).  Another variation for this message was additional boilerplate lines at the end regarding Singapore banking rules.

 

I shipped the raw message data off to spoof@paypal.com to deal with.

 

...

 

The usual warning -- sign on to paypal directly -- not through an email link.

 

-..-

Message 1 of 3
latest reply
2 REPLIES 2

Beware prishing paypal attempts

Sneaky. Those varmints. 

Message 2 of 3
latest reply

Beware prishing paypal attempts

Was surprised to get a thank you note from paypal for helping them to take action against a fake website (which I assume the short URL in the email used).  Smiley Happy

 

-..-

Message 3 of 3
latest reply