[manhattanprjkt83]

Hey everyone to all of you who use paypal alot, i recieved an email from them yesterday stating that they needed to update or verify records. They asked for alot of information things such as:

Credit card #
Exp Date
Verification # on the back
ATM Pin # !?! that was the one that got me.

I have had the account for about a year. I just wanted to see if anyone else has recieved this mail, and is it legit . I know there are some scams that go around regarding paypal.

anyone???

 

[Echo]

Paypal will never ask you for that info. Definitely a scam.

 

[jacksonpt]

yep - that's got scam written all over it.

 

[Barbaton]

sounds like a classic phishing scam to me. be very careful with those. make sure you check the actuall address of any links in the message very carefully. usually they're some random IP instead of an actual Paypal address.

never ever give anyone even Paypal if it were legitimate your ATM PIN!!!

 

[Echo]

make sure you check the actuall address of any links in the message very carefully

No need to check the actual address of the links. Don't even follow the links. PAYPAL WOULD NEVER ASK FOR THAT INFORMATION!

 

[manhattanprjkt83]

No need to check the actual address of the links. Don't even follow the links. PAYPAL WOULD NEVER ASK FOR THAT INFORMATION!

You would not believe how good this email looks, so professional. Like posted above all links look legit too. I am usually very adept at seeing through this type of thing as well. Another thing worth mentioning, is that it did get through into my gmail account, which is almost spam free, be careful everyone

 

[douglas]

yeah go ahead, but before you do can you payapl me some $ out of your checking account cause it will be gone by next week anyway

 

[douglas]

let me check my junk folder, yup theres already a paypal/ebay email(scam) in there from today



eBay Billing Information :



Dear eBay member,
We at eBay are sorry to inform you that we are having problems with
The billing information of your account. We would appreciate it if you
Would visit our eBay Billing Center and fill out the proper
Information that we are needing to keep you as an eBay member.
If you don't comply until the 10st Jun 2005, your eBay membership may be suspended.

Sign in Here https://signin.ebay.com/ws/eBayISAPI.dll


As outlined in our User Agreement, eBay will periodically send you
Information about site changes and enhancements. Visit our Privacy
Policy and User Agreement if you have any questions.

Thank you!
Copyright © 1995-2005 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are trademarks of eBay Inc.

 

[Sorgie]

Yeah, it is definitely a scam. I've received that message like three times now and also for other accounts (credit card, banks) that I don't even have. It does look professional. I was a little confused because I started getting it right after I used my Paypal account. I believe you can forward the email to spoof@paypal.com so they can investigate.

 

[binary visions]

This is a fairly obvious scam, but the general rule to follow is that if you think something might be legit, manually open your browser and type the site into the address bar (don't click on any links in the email), and log onto your account. If there's a problem, there will be an announcement about it, or your account will be disabled, or something.

 

[hooples3]

yeah, i would def go into ebay or paypal directly and then sign in...like binary said if there is a problem you will see it then

 

[N8 v2.0]

The latest way to harvest your info doesn't require you to click on a phishing email...


Welcome to to Pharming:
http://www.brown.edu/Facilities/CIS/security_blog/archives/000610.html

Pharming / Phishing – What’s a User To Do?
Susan A. Baumes, Systems Manager, Bio Med Community Health
Posted on April 18, 2005 03:35 PM

I’m confused, everyone is talking about phishing and pharming. What does it all mean? Do I need to be worried? How do I protect myself from something I don’t understand?

You are not alone. Many people feel the same way about the terms that technical folks use. I’ll try to shed some light on the actual problem.

What is it?

Pharming (pronounced ‘farming’) and phishing (pronounced ‘fishing’) in a nutshell are two ways that bad people are trying to get your personal information. Your personal information may be your name, address, SSN, mother’s maiden name etc. Personal information is information about you that you would not give a total stranger. It is information that you want to protect.

How do they get my information?

The bad guys are pretty smart. They have come up with some new and interesting ways to get our information.

In pharming attacks, you think you are going to a certain website but you are actually going to a bad site. They do this be something called: “DNS Poisoning”. Computers communicate using numeric addresses; humans communicate using words. So when we want to visit a website we type www.brown.edu; a computer called a Domain Name Server (DNS) converts that into a number eg: www.brown.edu = 1.1.1.1. The DNS computers all speak nicely to one another and share information. The bad guys create a DNS server that has been poisoned, eg. www.brown.edu = 9.9.9.9. Since all of the DNS servers share information, the REAL DNS machines become poisoned eg. www.brown.edu is changed from 1.1.1.1 to 9.9.9.9.

Now if the user types in www.brown.edu they will go to 9.9.9.9, which is a bad guy’s web site. If this was a banking website, people would just think they were visiting their bank’s website. The bad guy collects your information and then passes that information onto the REAL website.

What do I do to protect myself?

There are a few things that you can do to protect yourself

1: Be suspicious if you correctly type in a web address and get an error message

2. Use websites of companies that have protection through VeriSign http://www.verisign.com/ (or other reputable companies).

3. Users may want to use security programs like Norton Internet Security or
Anonymizer that are updated to offer protection from pharming scams: http://www.symantec.com/ http://anonymizer.com/

4. Consider using adware/spyware detector and removal programs, such as:

-Ad-Aware - http://www.lavasoftusa.com/
-SpySweeper - http://www.webroot.com/
-Spybot Search and Destroy - http://beam.to/spybotsd​

1 - kurt the cyber guy. ”Pharming Attacks”, Copyright © 2005 Tribune Interactive, Inc. All rights reserved. URL: http://ktla.trb.com/news/local/cyberguy/stv-cyberguy-040104-1,0,5881078.htmlstory

 

[manhattanprjkt83]

ok so i got this email last night and started to fill out the requested info before i said WAIT A MINUTE! now i am like 98% sure i didnt click submit, but a part of me is totally freaked that i did. i know i sound like a idiot at this point, but what would you s do?



should i cancle the card?

 

[DHS]

ok so i got this email last night and started to fill out the requested info before i said WAIT A MINUTE! now i am like 98% sure i didnt click submit,

dude thats scary don't even say that.

 

[manhattanprjkt83]

try being me, i should most likely cancel the card shouldnt i...

 

[manhattanprjkt83]

canceled my card, thanks for freaking me out everyone

 

[sanjuro]

canceled my card, thanks for freaking me out everyone

Yeah, sorry you got caught, but you did the right thing by cancelling your card.

One simple rule is never, ever send anything important via email. Like credit card numbers, passwords, even your social security number. And any email that requests this information is also suspicious, like a man in a bank wearing a ski mask.

Web browser communication can be secured but email cannot (unless you know how to use PGP). Your email bounces around a bunch of places before it gets to its destination, and you can never be sure who is listening (it is called "snooping").

 

[binary visions]

Your email bounces around a bunch of places before it gets to its destination, and you can never be sure who is listening (it is called "snooping").

I always treat my email like a postcard. I never put anything in email that I wouldn't write on the back of a postcard - because, while the chances are that it gets sent, bounced around, and arrives at the destination without being read, it's awfully easy to flip that post card over and look at what's written on the back.

 

[manhattanprjkt83]

Yeah, sorry you got caught, but you did the right thing by cancelling your card.

One simple rule is never, ever send anything important via email. Like credit card numbers, passwords, even your social security number. And any email that requests this information is also suspicious, like a man in a bank wearing a ski mask.

Web browser communication can be secured but email cannot (unless you know how to use PGP). Your email bounces around a bunch of places before it gets to its destination, and you can never be sure who is listening (it is called "snooping").

Yeah this is all info that i know i guess, i was just being a moron for the moment, like i said...Im almost 100% sure i had nothing to worry about, but i did not want to take the chance, i will have a new card in 5 business days. :