Paypal scam is almost believable, but not quite

email

[logician2u]

To: "logician2u" <logician2u@myisp.com>

From: service

Subject: Confirm Your Information!

Reminder: Confirm Your Information

Dear Customer,

This is a reminder that we need you to confirm your information. This is a recent measure to protect our customers.

---

How To Confirm Your Information
PayPal always keep in touch with it's customers. Please use instructions below.
		Step 1:  Follow this link located at PayPal server to fill needed information.
		Step 2:  Log in to your PayPal account. Click on the "Profile" link in the "My Account" menu and check information that you submitted.

---

Why Confirm Your Information?

It increases security
Keeping your information up to date with PayPal helps to avoid unauthorized charges of your credit card thus improving your account value. This process increases the safety of the entire PayPal payments network.

Verify your PayPal account
Your PayPal account becomes verified once you confirm your bank account. With a verified account, there is no limit on the amount of money you can send through PayPal when you choose to make these payments using funds from your bank account.

---

Protect Your Password

Never give your password to anyone and only log in at https://www.paypal.com. If anyone asks for your password, please follow the Security Tips instructions on the PayPal website.

---

Thank you for using PayPal! The PayPal Team

---

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.

To receive email notifications in plain text instead of HTML, update your preferences here.

PayPal Email ID PP812

Phone Numbers of Major U.S. Banks
To assist you in keeping up to date your bank account information, we have provided the following list of major U.S. banks, their customer service phone numbers and URLs: Bank of America http://www.bankamerica.com
	Arizona, Arkansas, Iowa, Illinois, Kansas, Missouri, Nevada, New Mexico, Oklahoma: 1-800-944-0404 California 1-800-237-8052 Florida, Georgia 1-800-299-2265 Idaho, Washington 1-800-442-6680 Seattle 1-206-358-6299 Maryland 1-800-235-8844 North Carolina, South Carolina 1-800-333-6262 Oregon: 1-800-873-2632 Tennessee 1-800-999-1642 Texas 1-800-247-6262 Virginia 1-800-880-5454 Washington, DC 1-800-337-2324 All Other States 1-800-880-5454
Bank One http://www.bankone.com
	Arizona 1-800-366-2265 Colorado 1-800-372-2651 Florida 1-800-225-5623 Illinois - Chicago Metro 1-888-963-4000 Illinois - Outside of Chicago Metro 1-800-452-3141 Indiana 1-800-234-7350 Kentucky 1-800-542-2218 Louisiana 1-800-777-8837 Michigan 1-800-225-5623 Ohio 1-800-310-1111 Oklahoma 1-800-995-0712 Texas 1-800-695-1111 Utah 1-800-877-0608 West Virginia - Central 1-800-862-2651 West Virginia - South 1-800-828-8445 Wisconsin 1-800-947-1111
Bank Boston http://www.bankboston.com 1-800-788-5000 California Federal Bank http://www.calfed.com 1-800-843-2265 Charter One Bank http://www.charterone.com 1-877-242-7837 Citibank http://www.citibank.com 1-800-627-3999 Commerce Bank http://bank.commerceonline.com 1-888-751-9000 Commerce Bank http://www.commercebank.com 1-800-746-8704 First Union National Bank http://www.firstunion.com 1-800-275-3862 Fifth Third Bank http://www.53.com 1-800-972-3030 Fleet Bank http://www.fleet.com 1-800-841-4000 Key Bank http://www.keybank.com 1-800-539-2968 The Chase Manhattan Bank http://www.chase.com 1-800-242-7324
U.S. Bank http://www.usbank.com   Minneapolis, St. Paul Metro (612) 872-2657 Portland Metro (503) 872-2657 Denver Metro (303) 585-8585 All Other Locations 1-800-872-2657
Union Bank of California http://www.uboc.com 1-800-238-4486 Washington Mutual Bank http://www.washingtonmutual.com 1-800-756-8000
Wells Fargo Bank/Norwest Bank http://www.wellsfargo.com
	New Mexico, Nevada, Utah, Arizona, Texas, Iowa, Colorado 1-877-206-7990 California and all other states 1-800-869-3557

[logician2u]

The scammers are getting clever these days.

Not only does this email phishing trip contain valid PayPal links and phone numbers, but the formatting is nearly identical to what you may on occasion receive from PayPal.

[NOTE: Because FreeRepublic software precludes adding style sheets with a post, the above does not have all the niceties such as fonts, spacing and PayPal's little dots to separate blocks of text. They're there in the original, though; if you really want to see what the email version looks like, copy and save the style sheet along with the HTML for this post. Then make a regular HTML file with header, body, etc., including the style sheet. Just don't use it like these scammer are doing, please. I don't wish to be a party to fraud.]

PayPal users are well advised to follow their suggestions to avoid getting scammed.

Here are three obvious hints that the message is a fraud:

1. The message subject is from "service." Service who? It doesn't say.
2. The salutation is "Dear Customer:" PayPal knows your name if you're enrolled; don't you think they'd use it if they are asking you for personal information?
3. RED FLAG -- "PayPal always keeps in touch with it's customers."
   Successful business enterprises don't confuse contractions with possessive pronouns.
   Well, maybe the boss slips up once in a while, but copywriters don't very often.
   And a proofreader always checks email sent out to millions of customers, knowing at least one of them will be an English teacher.

Anybody else spot something that would identify this spoof email message as not being from who they say it is?

[NonValueAdded]

Caution: have the links in the posted message been sanitized or do they lead to the phish site? If the latter, I strongly suggest an edit so we do not perpetuate the scam.

[Not_Who_U_Think]

Yes, there's usually a tip-off in the grammer if you look carefully. Notice the 'link' to follow is an IP address, not fully qualified domain name.

[writer33]

Never used it, nor will I. Knock on wood. If I can't put my credit card number out there to be stolen, I ain't happy. :)

[PurVirgo]

When you follow the link it says to follow, it opens in the window with an IP addy as its URL

No paypal.com/whatever

ALWAYS look in the URL window to see if you are where you think you are.

When you sign up for a PayPal acct, they already get your personal info there. Therefore, why would you need to re-submit it??

My bank issued a worning last week about these email phishers

They included a copy of the suspicious email, and it really looks authentic.

These guys are getting pretty clever.

[Odyssey-x]

The gigantic red flag is the ip addresses in the links. It would be going to a paypal domain if this was for real. Of course anything asking for personal information like this is almost always a red flag for a scam.

[PurVirgo]

http://210.78.22.113/

Is the IP and URL

Any chance we can be a do-gooder? Who would we send this info to to report it?

[dalebert]

I got one of these and now way did I fall for it.

[Prime Choice]

inetnum: 210.78.22.64 - 210.78.22.128
netname: SHJITONG-CN
descr: JiTong Shanghai Communications Co.,Ltd
country: CN
admin-c: ZQ15-AP
tech-c: ZQ15-AP
mnt-by: MAINT-CHINAGBN-AP
changed: kevin@gb.com.cn 19990826
status: ASSIGNED NON-PORTABLE
source: APNIC
changed: hm-changed@apnic.net 20020827

person: Zhongbao Qian
address: Room 1001,Lekai Builing,Shangcheng Road,
address: Pudong Xin district,Shanghai
country: CN
phone: +86-021-58313170
fax-no: +86-021-58312630
nic-hdl: ZQ15-AP
mnt-by: MAINT-CHINAGBN-AP
changed: kevin@gb.com.cn 19990826
source: APNIC

[Prime Choice]

It's our "friends" in China pulling another scam.

What's really sad is that even if 1% of the recipients of this scam fall for it, the perps still stand to make a killing.

: (

[Theo]

status = "Getting WHOIS results...";

Country: CHINA

ARIN says that this IP belongs to APNIC; I'm looking it up there.

status = "Looking up at APNIC...";

Using cached answer (or, you can get fresh results).

% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 210.78.22.64 - 210.78.22.128
netname: SHJITONG-CN
descr: JiTong Shanghai Communications Co.,Ltd
country: CN
admin-c: ZQ15-AP
tech-c: ZQ15-AP
mnt-by: MAINT-CHINAGBN-AP
changed: kevin@gb.com.cn 19990826
status: ASSIGNED NON-PORTABLE
source: APNIC
changed: hm-changed@apnic.net 20020827

person: Zhongbao Qian
address: Room 1001,Lekai Builing,Shangcheng Road,
address: Pudong Xin district,Shanghai
country: CN
phone: +86-021-58313170
fax-no: +86-021-58312630
nic-hdl: ZQ15-AP
mnt-by: MAINT-CHINAGBN-AP
changed: kevin@gb.com.cn 19990826
source: APNIC

[Theo]

Darn you. You got the info while I was still searching for it. :-)

Isn't http://www.dnsstuff.com great?

[BlessedBeGod]

I've gotten two of these in the past week. Luckily, I was suspicious and logged onto PayPal to see if they had any info about fake emails. They did, and I forwarded both emails to the address they indicated. They replied, saying that both emails were fakes.

What I'd like to know is how the scammers got my PayPal email address. I must have 15 different email addresses (which I use for different things), and the only one to receive these emails is my PayPal email address.

[flying Elvis]

The Chinese are the biggest scammers on Ebay, and Ebay does little or nothing about it.

[Big Horn]

Send it to Paypal spoof.

[logician2u]

I strongly suggest an edit so we do not perpetuate the scam.

Thanks for your suggestion.

I hesitated to post the link as it came to me, but was not sure whose URL to enter. The real PayPal? That might give people on this forum the idea it was legitimate when it's obviously not.

The email message I got came in about five hours ago.

We'll see how quickly the spoofers' site disappears. I have great confidence it will. eBay/PayPal doesn't waste any time threatening ISPs hosting scammers.

[PurVirgo]

LOL - That's why I love FR

I can always count on somebody beating me to the punch

[NonValueAdded]

To complain to the ISP, try: http://spam.abuse.net/userhelp/howtocomplain.shtml

There is also a few federal sites that handle complaints, maybe something at the FTC but I don't have any addresses.

[o_zarkman44]

one more tip off is that pay pal will always identify you by name, and not by dear customer, or dear (insert your email addy). I got a similar spoof, but it was a notification (From the PayPal Team) that some of my Paypal services had been disabled. Then the letter purported to say that during maintainance of the site, it was believed there had been a 3rd party breach of the account. If I followed the link, which very closely resembled the PayPal url, that some of the features of paypal were deactivated and I would have to follow the link to reactivate the features. It almost fooled me to the point that I clicked on the link...... but noticed I was being re-directed to another web site.

I closed it, and after doing some investigation, forwarded the email to pay pal. Hope they catch the crooks.

[Prime Choice]

Darn you. You got the info while I was still searching for it. :-)

Guilty as charged, SIR! : )

Isn't http://www.dnsstuff.com great?

Dunno. I'm a Unix command-line geek. I manually dug up the APNIC record.