Hi guys...I got this e-mail yesterday from paypal regarding an email I got from them before. The first one said that my account had changed and I need to login to update it or something. I put it off because I had not changed anything and the e-mail just appeared out of nowhere. (I also reported it as spam by the way). Today, I get another one in my spam folder from them and it reads:

"Your account will be suspended !


We are contacting you to remind you that on 10 November 2006 our Account Review Team identified some unusual activity in your account. In accordance with PayPal's User Agreement and to ensure that your account has not been compromised, access to your

account was limited. Your account access will remain limited until this issue has been resolved.

To secure your account and quickly restore full access, we may require some additional information from you for the following reason:

We have been notified that a card associated with your account has been reported as

lost or stolen, or that there were additional problems with your card.



To securely confirm your PayPal information please go to your PayPal's Update Profile or click on the link bellow:


Click here to activate your account






Thank you for using PayPal!
The PayPal Team
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.

To receive email notifications in plain text instead of HTML, update your preferences here.

PayPal Email ID PP423"

I am thinking that its fake and someone trying to get my account. Anyone have any idea?

EDIT:I log into the account via my own browser(not clicking the link) and everything looks fine no information on any of this. I am just curious because the email is from support@paypal.com which seems to me to be a pretty valid email address. Any ideas how I can check more into paypal to see if it really a valid email...

My wife got them as well.

Click on the link in the email ... but don't enter any personal details.
Take a look at the source code for the page, you will find something with an IP address. Its BS.

If you are using Firefox with the phishing detector or Opera with the phishing detector as well, it will say its a bogus site.

Thanks for the heads up, although I don't personally use PayPal. It seems like phishing, spamming, and password cracking is going nuts these days. I just got on MySpace and pretty much everyone's has spyware or their password has been stolen. My mom has also started getting spam text messages.

got an official IRS page that came up on the email but clicking on anything just brought up a blank page.....hmmm...and said i was due $200 back...but wait that $25 fee was addressed to someone in Mexico?

I am a pro at dealing with this crap. It's my job, and I'm paid well for it.

That e-mail is fake. The e-mail address is spoofed. Paypal ALWAYS addresses you by your full, registered name. You did the right thing in signing in directly at Paypal.com. If there were any problems, you would have found out then. If you still have this e-mail, can you download it as a .eml file and e-mail it to me? If so, I'll IM you my work mail and I can get that idiot shut down.

Do NOT click on the link. Hover over it and you will see something that is definitely not Paypal. Do NOT give any personal info if you did click it. Don't click the link to try to figure it out for yourself. I often see URLs that forward to a site with a masked domain making it look in the address bad like it's legit, even using what would be the correct URL were it from Paypal.

The feds also aren't going to notify you of money owed to you by e-mail, Chase isn't going to give you $25 for filling out a survey, and babyphat96 didn't really send you a message via eBay.

The feds also aren't going to notify you of money owed to you by e-mail, Chase isn't going to give you $25 for filling out a survey, and babyphat96 didn't really send you a message via eBay.

You forgot to mention the naked pics of Anna Kournakova.

I got one of these a week or so ago. Too bad I dont have a paypal account.

Submit your email like that to http://phishtank.com , it was featured on digg about a month back when they started it.

Submit your email like that to http://phishtank.com , it was featured on digg about a month back when they started it.

I'm familiar with phishtank, but they do nothing to prevent these messages from getting to inboxes and to people who may fall for them, like old people. I do.

I'm familiar with phishtank, but they do nothing to prevent these messages from getting to inboxes and to people who may fall for them, like old people. I do.
I follow the links. Then report the sites to te Phishing sites that OPera now works with. It works pretty well - for a new service (in beta in Opera 9, and currently OFF by default as of the current build) - and so far has picked up 50% of the sites I have followed through on.

I know Firefox has similar capabilities - not sure about IE by default, but the more work done in this area the safer it will be be for the general internet user population.

Then again Phishers will just change the bait :(

Then again Phishers will just change the bait :(

The only real cure is a wiser user-base. I was amused recently about a poster in the bank trying to reduce check fraud. One of the warning signs listed that a check might be fake was "You sold something on EBAY"

I am just curious because the email is from support@paypal.com which seems to me to be a pretty valid email address.Wow. Just wow. Are you kidding?


anyway.......


On a side note....

What kills me is that a lot of the times these phishers will use DIRECT HOTLINKS FROM PAYPAL OR OTHER SITES! Direct hotlinks! Are you kidding me? How hard would it be for paypal to change "paypal.jpg" to an image that says: "THIS IS A FAKE E-MAIL. DELETE IT."

Anyway, Klitzy's comment made me laugh. Hahahaa, the e-mail looks real... oh man. Welcome to SMTP 101.

Anybody notice all the Myspace phishing sites?

Anybody notice all the Myspace phishing sites?Nope ... friends don't let friends do Myspace ...

Nope ... friends don't let friends do Myspace ...

If your my age and you don't have a myspace then you have no friends. ;)

Ya gota talk to your buddies some how. LOL

If your my age and you don't have a myspace then you have no friends. ;)

Ya gota talk to your buddies some how. LOLTruer ords have never been typed ... if you NEED myspace to have friends, then you really DON'T have any friends.

Truer ords have never been typed ... if you NEED myspace to have friends, then you really DON'T have any friends.

No, I was saying that everyone has a Myspace. Its a way of talking to the friends you ALREADY have. Its just another way of communicating with all of your buddies.

No, I was saying that everyone has a Myspace. Its a way of talking to the friends you ALREADY have. Its just another way of communicating with all of your buddies.Kids these days ... we used to hang out at the Student Union bar, and have real conversations, swap CDs and bootlegs, play video games (standup coin ops), etc.

I guess avoiding human contact helps avoid the awkward "Who's turn is it to go to the bar" conversation.

Another thing Ive done several times is trace the links, find out who they belong to, and report to their host, and 3/4 times, the site is shut down within 10-15mins of reporting. Lately, I've just been so busy, thers about 600 spam in my spam box, and I just delete them.

Wow. Just wow. Are you kidding?


anyway.......


On a side note....

What kills me is that a lot of the times these phishers will use DIRECT HOTLINKS FROM PAYPAL OR OTHER SITES! Direct hotlinks! Are you kidding me? How hard would it be for paypal to change "paypal.jpg" to an image that says: "THIS IS A FAKE E-MAIL. DELETE IT."

Anyway, Klitzy's comment made me laugh. Hahahaa, the e-mail looks real... oh man. Welcome to SMTP 101.


From addresses are easy to spoof. EASY! So who is appears to be FROM is pointless.

Paypal doesn't host its images from paypal.com. No, they stupidly use paypalobjects.com. eBay does the same thing. I can't figure out why they're so stupid on this. Since their hosting domain changes every few months, it would be easy for phishers to simply sign up for any domain that has Paypal or eBay in the title and copy and host the pics there.

Don't underestimate phishers. They are tricky bastards. Hundreds of minds at my company work diligently day in, day out to try to keep up with them. And I don't work for some two-bit company in some obscure location. I laughed inwardly reading some people here on Rev3 trying to find a way around our software. With the brilliance that phishers do have, you'd think they would find it more worthwile to do something legit with their lives. Too bad phishing is so damned lucrative.

I follow the links. Then report the sites to te Phishing sites that OPera now works with. It works pretty well - for a new service (in beta in Opera 9, and currently OFF by default as of the current build) - and so far has picked up 50% of the sites I have followed through on.

I know Firefox has similar capabilities - not sure about IE by default, but the more work done in this area the safer it will be be for the general internet user population.

Then again Phishers will just change the bait :(


Another thing Ive done several times is trace the links, find out who they belong to, and report to their host, and 3/4 times, the site is shut down within 10-15mins of reporting. Lately, I've just been so busy, thers about 600 spam in my spam box, and I just delete them.


Lovely idea, but it doesn't work well. Blocking messages based on HTML, graphics, text, as well as URLs known to belong to/be used by phishers (and spammers) is more effective than just shutting down a site. In that 10-15 minutes, I can guarantee you that you aren't the only one who got that message. Multiple methods used to block these messages are far more efficient that just getting a site taken down.

Kids these days ... we used to hang out at the Student Union bar, and have real conversations, swap CDs and bootlegs, play video games (standup coin ops), etc.

I guess avoiding human contact helps avoid the awkward "Who's turn is it to go to the bar" conversation.

I miss those days.