Welcome

Literary

Internet

Work at Home

Financial

Personal

Holiday

General

About this Site

[?] Subscribe To This Site

PayPal Scam

The PayPal scam involves scammers sending emails to Paypal customers and trying to get them to log into their account using a link in the email that actually takes them to a fake site imitating the Paypal site.

When users enter their username and password, the scammers could then use this information to drain the user's account.

The scammers often use stolen credit card details to register a fake domain name for a quick-hit scam.

In a recent PayPal scam some customers received an email saying they have a large payment waiting for them in their account. The site, deceptively named PayPai.com, was a convincing duplicate of the real thing - but according to Network Solutions, Paypai.com is registered to Birykov in South Ural, Russia.

The message then offers up a link, urging the recipient to claim the funds. But the URL that is displayed for the unwitting victim uses a capital "i" (I), which looks just like a lowercase "L" (l), in many computer fonts.

PayPal scam

So, when the victim clicks on that link, he or she is directed to a copycat Paypal scam login page that's really sitting on a British Web hosting service called "Easypost". If the victim does log in, the user name and password are sent to the scam artist. The email sent was similar to:

Mike Smith just sent you money with PayPal. Amount: $827.46 Click here to get you new account bonus! http://www.PayPaI.com/bonus Did you know you can earn money with the PayPal Refer-a-Friend program? Go to http://www.Pay-Pal.com/specialoffers for more details. To view your PayPal balance or other account information, log in at http://www.PayPaI.com/login

A variation of the Paypal scam e-mail, titled "URGENT: PayPal Account Update" starts off by saying:

"Dear PayPal User, Today we had some trouble with one of our computer systems. While the trouble appears to be minor, we are not taking any chances. We decided to take the troubled system off-line and replace it with a new system. Unfortunately this caused us to lose some member data. Please follow the link below and log into your account to make sure your information is not affected. Account balances have not been affected."

It then says that: "If fees would normally apply, you will not pay anything for the next two incoming transfers you receive" because of the inconvenience of having to re-enter data.

The URL listed was https://www.paypal.com/cgi-bin/webscr/?cmd=_login-run. However, when clicked on, it directed the user to a supposed secure site, but with a URL starting with: http://www.paypalsys.com/ [no s after http]. Users were then asked to log in with their e-mail addresses and their passwords.

Another Paypal scam email to extract the information says:

Dear Pay pal valued member,

Due to concerns, for the safety and integrity of the pay pal account we have issued this warning message. It has come to our attention that your account information needs to be updated due to inactive members, frauds and spoof reports. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service.

However, failure to update your records will result in account suspension. This notification expires on 48 hours. Once you have updated your account records your pay pal account service will not be interrupted and will continue as normal. Please follow the link below and login to your account and renew your account information.

PAY PAL Link (which really takes you to a scam pay pal page!)

Sincerely,
Pay pal customer department!

The Paypal scams are becoming more sophisticated, and now sometimes arrive in the form of HTML e-mails complete with PayPal logos and type faces. They offer Web links to sites that even contain the little lock symbol of security. The Web site addresses are subtly different from PayPal.com, however.

What to do for the Paypal Scam

Remember, even if an e-mail or website has all the necessary credibility elements and is devoid of the normal warning signs, it can still be a phishing e-mail. Legitimate companies don't (or shouldn't!) ask for important information by e-mail. If you are unsure if an e-mail is legitimate or not, visit the company's website by typing it directly into your address bar (links can fool you) or call the company using a registered telephone number (not the one listed in the e-mail!) and ask them.

Never give out personal information unless you are sure that it will be secure.

If you think you have experienced PayPal fraud or received a PayPal scam via email (e.g. a fake email pretending to be from PayPal), forward the entire email to spoof@paypal.com, and delete it from your email account. If you come across a fake PayPal website, contact their customer service team.

Please follow these tips to keep your account secure:

Only enter your PayPal password on pages where the URL begins with https://www.paypal.com/. Even if the URL contains the word 'PayPal', it may not be a PayPal webpage.

These "spoof" websites try to imitate PayPal in order to obtain your PayPal password and access to your account. Spoof websites we encountered in the past have included: www.paypalnet.com, www.paypa1.com, and www.paypalsecure.com.

Some spoof websites will send emails that pretend to come from PayPal to entice you to log in at the spoof URL. Be especially cautious of emails that direct you to a website asking for sensitive information such as your password, credit card, or bank account information. Remember, you can recognize a spoof email if it suggests that you log in to a URL that does not begin with exactly https://www.paypal.com/.

Advice from Paypal Regarding any Paypal Scam

Website Security

Type in the PayPal URL: To safely and securely access the PayPal website or your PayPal account, open a new web browser (e.g., Internet Explorer or Netscape) and type in the following: https://www.paypal.com/

Password Safety

Never share your PayPal password: PayPal representatives will never ask you for your password. If you believe someone has learned your password, please change it immediately and contact Paypal regarding a Paypal scam .
Create a secure password: Choose a password that uses a combination of letters, numbers, and symbols. For example, $coo!place2l!ve or 2Barry5Bonds#1. Avoid choosing obvious words or dates such as a nickname or your birth date.
Keep your PayPal password unique: Don't use the same password for PayPal and other online services such as AOL, eBay, MSN, or Yahoo. Using the same password for multiple websites increases the likelihood that someone could learn your password and gain access to your account.

Email Security

Look for a PayPal Greeting: PayPal will never send an email with the greeting "Dear PayPal User" or "Dear PayPal Member." Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account. If you believe you have received a fraudulent email, please forward the entire email—including the header information—to spoof@paypal.com. We investigate every spoof reported. Please note that the automatic response you get from us may not address you by name.
Don't share personal information via email: We will never ask you to enter your password or financial information in an email or send such information in an email. You should only share information about your account once you have logged in to www.paypal.com.
Don't download attachments: PayPal will never send you an attachment or software update to install on your computer.

Return to Internet Scams