Wednesday, August 24, 2005

Salvador And The Magic Email

By now, most of you know that I preach computer safety and think that everyone that owns a computer should be careful with suspicious emails. Yesterday, I stopped in to see my neighbor Salvador and thank him for edging my front yard (he really didn't have to do that.) His wife sent me upstairs to see him. As I got up there, Sal was typing in his credit card information on a "PayPal" account. I asked him, "Setting up a new account? I thought you had one already." He said he did but he got an email saying that the account may have been compromised. He had already logged in with his username and password, given his social security number and was about to give his credit card information. I stopped him just in time.

If you take your mouse and hover over a link in an email, you will see where it is sending you. (That isn't easy to fake unless they took over that company's domain name.) Usually it will say where it is taking you at the bottom of your screen. In Sal's case, it was http://hometown.aol.de/janice2233 and these places can look very authentic. Take a look. This is how genuinely scary spam can be. PayPal works in coordination with your credit card or bank account. If Janice2233 had jumped on Sal's mistake sooner, they could have changed his password and made purchases of nearly $5,000 using one-day delivery service to a generic address. Thankfully, I changed his password immediately and the only thing to worry about is that someone out there has his name, possibly his address and social security number. Protect yourself folks.

11 comments:

Jenn Doll said...

Holy shit! I kept getting an email at work saying that my eBay PayPal account needed to be updated or my account would be suspended.

I finally checked it out and it wanted my credit card number. And I thought, 'Why the hell? They already have it.' Then I wondered how the fuck they got my work email address because I don't use that one. I ignored it. They can suspend the account they claim needs to be updated.

I did however enter my already existing eBay account screenname and password before I got to them asking for my credit card number. Hope that didn't lead them to anything.

Jenn Doll said...

HEY! What's the word verification!!!???

Martin said...

Jenn - You might want to change your password on PayPal since you did enter it in on what is very likely a false site. That way they don't go in and make purchases. The word verification is something nice and new that I saw Vavoom using and I'm thinking that it very well could cut down on spammers.

LoraLoo said...

That Paypal scam has been rampant. We've had a lot of people at work fall for this one. I've also been seeing one going around again posing to be an attorney who is closing out an estate for a large sum of money. All they need is all of your information to get this money to you... scary stuff.

RT said...

You turned in 'janice2233', didn't you?

Martin said...

PayPal was notified but not AOL Germany (or wouldn't that be Deutchland Online?... oh, well.) I'd consider doing it but I don't have a copy of his email to do so but I believe that PayPal will have to jump on this to show how concerned they are about the security of their services.

Ken said...

These scams are getting more and more creative. A friend of mine tried selling a car through eBay. He got three counterfeit cashiers checks. Luckily, his plan was to wait until the checks cleared to send the car. Interestingly enough, the first three folks were from Nigeria...He finally ended up selling it for cash to a local guy.

I've had to instruct my folks on suspicious e-mails in the past. They've gotten too many viruses from opening up strange e-mail attachments

Inner Fonzie said...

Very good advice! I got an email from PayPal.. usually they are very easy to spot like you said, but this one went to paypal.com (but a subdirectory). Try as I might, I coudln't figure out if it was true or not.

The only thing that gave it away is that it said 'Dear PayPal Member' at the top, instead of my name. So I sent the email to the fraud department of PayPal and they verified that it was fraudulent.

Nearly every reputable Internet financial service provider has a fraud department. I strongly encourage anyone that gets an email and they can't tell if it is real or not, to send it to the fraud department of the institution to have it verified.

Teri said...

I have received that email twice now.. I have also turned it in twice to their fraud deparment. It is really sad, but I got to the point that I don't even open email unless I know who it is from.

Fred said...

Good tip on looking at where the link actualy takes you. I've used that trick for a while now.

What scares me nowadays are the sites that can hijack a legitimate URL, and suddenly you're entering your information on a mirror site that looks like the real thing.

Inner Fonzie said...

Fred: Yeah... taht's true. That's why, at least from the fraud departmemnts, they say you open a separate instance of your browser and type in the rrot doman and just lok in like normal. They say never to follow a link from an email, even if it looks legit.

Funny though that they still put links in their own emails :P

P.S.: This letter code entry is annoying when you can't read the darn letters...