Legitamate PayPal Emails Being Flagged As Spoofs By PayPal Spoof Review?
Or Have Scammers Found A Drafty PP Back Door?
On 04/21/2009 I received the below email from PayPal. It was sent at 11:32 PM after I was sound asleep the night before. As usual I pulled the headers up – and everything about the message pointed right back to PayPal as the sender. As a matter of habit I forwarded the message to spoof@paypal.com along with the headers. I also validated the phone number via a Google Search and it traced back to PayPal too.
Several hours later I got a reply back from spoof-review@paypal.com saying the message was not sent by PayPal and it links to a FAKE WEBSITE! Scratching my head in disbelief.
I had not clicked the link before – but the curiosity was getting the best of me, so I ran CCleaner on my system deleting all my cookies, cache, etc, then clicked the link. It brought up a secure page on paypal.com saying the link had expired. There was another option to confirm my identity at the bottom of that page.
I selected email and then clicked continue. The page reloaded saying i should receive an email at blank – but never received one. I did a view source of the page and everything suggests I was on the official PayPal website. Also note the https secure notifications in all the website screen shots showing I was on secure PayPal pages.
So my question is – did a scammer try to hack my PayPal Account? Or have Scammers found another way into PayPal? Though I don’t see anything fraudulent in any of the pages displayed. I’m thinking PayPal is simply flagging their own emails as fraudulent. Could they be using delayed auto-responders on messages sent to spoof@paypal.com?
Please CLICK HERE To See All The Screen Shots.
Tagged with: Fake PayPal Websites • PayPal • PayPal Scams • PayPal Spoof Emails
Filed under: PayPal
Like this post? Subscribe to my RSS feed and get loads more!
You are joking, right?
A ten year old with toenail clippers could hack paypal! roflol!
Go over to youtube and search for “Is paypal secure? Apparently not” Watch that, the response to it, and then look around. Some vids are actual demos of PP hacking software with people’s details/data shown etc. I seriously doubt they are all scams aimed at robbing the fools who respond to them. There are hacked accounts for sale all over! I also doubt they are all the result of “phishing”.
Even Paypal forum cheerleaders have been getting hacked and taken over.
The hackers stopped all the other stuff because they have better ways now, a direct line into PP.
There is a LOT more I could say, but I think I will just leave it at that.
Bottom line though, Paypal is not safe, not secure, not to be trusted.
Smart people will close down their accounts, make sure they take care of connected bank accounts and CC numbers etc too.
I’m assuming that the responses to spoof@paypal.com are canned responses, but they’re either sent out manually upon physical confirmation, or the potentially ‘spoofed’ emails are parsed by a script, and then the response is automatically sent out. Either way, the responses have always been the same for me. Though, this must be a mistake, or maybe your email client stripped the phishing URLs and only displayed the proper links? I know that sometimes Outlook will remove links from a suspected phishing email & only display the actual display links — but I really don’t know.
To the first response, “Giovanni”, though — comparatively speaking, it seems that PayPal is quite secure — at least as secure as the credentials that people use to secure their accounts & the methods they take to secure that information on their PCs. Sure, there are a lot more reports of people hacking PayPal accounts than local, regional, or national online funding accounts (banks, merchants, etc). But — how many online banks, who’s customer base is as wildly diverse as PayPal’s, can boast over 100 million users?
The biggest risk factor with any major online funding management system is typically the user, and it’s not only their choice in how they protect their login data (using a strong password, for instance), but how they protect their own computers. Just because a few hundred people, a few thousand, or even ten thousand, have their accounts compromised, that doesn’t mean much when you look at the reach of PayPal’s market. When you start seeing hundreds of thousands, or millions, of PayPal accounts compromised, that’s more likely to be indicative of a problem with their system — not a handful of highly-visible horror stories that you’ll find on the internet.
Your argument isn’t the ‘smart person vs. dump person’, it’s paranoia versus reality, and your example of a ten-year-old with toenail clippers hacking PayPal just reinforces my point.
Oh really?
Perhaps readers here may enjoy this report:
February 27, 2009
“When paranoia isn’t enough”
The most paranoid geek I know, Steve Bass of TechBite, gets hacked
By Christina Wood
http://tinyurl.com/lfpoej
http://preview.tinyurl.com/lfpoej
@RJ Regardless Of How Many Accounts PayPal Claims To Have I’m Willing To Bet That A Good Sized Amount Of Them Are Inactive Because Of One Thing Or Another.