Likely scam email...what to do?

I got an email from service@payqal.com. I didn’t realize the q at first and opened it. It looked very professional and real. It could be, I don’t know, hence this thread. It was saying that access to my paypal account had been limited because of abnormal spending habits. I stopped caring at this point since I don’t really use my PP much, and I have no money in it. My bank account isn’t tied to it yet either.

Anyways, you’re a smart, resourceful bunch, so I have a couple of questions:

  1. Payqal? Not legit right?
  2. If yes, should I report it, and if so, to who?

Heres the message:

Dear customer,

Recently, our Account Review Team identified some unusual activity in your account. In accordance with PayPal’s User Agreement and to ensure that your account has not been compromised, access to your account was limited. Your account access will remain limited until this issue has been resolved. This is a fraud prevention measure meant to ensure that your account is not compromised.

Case ID Number: PP-046-631-789
We encourage you to log in and restore full access as soon as possible.Should access to your account remain limited for an extended period of time, it may result in further limitations on the use of your account or may result in eventual account closure.

Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience.

To keep your account active, login on our SSL secure server:

http://210.555.212.229/www/cnkec21/guid/main/www/online.paypal.com/webscr/paypal_login-run/SSLsecure/index.php?redir=

Sincerely,
PayPal Account Review Department

PayPal Email ID PP576

Seems good. The link gets me. It has paypal and redirects in it but it looks like it is a link to an IP. One of you techies know? I changed the apparent IP a little so nobody here clicks it and gets fouled up.

You can report it to PayPal. The link to report scan emails to is on their security center page. Direct link: report a scam or spoof (you’ll have to log in after clicking on that link).

There is even an direct e-mail address to report these kind of things directly without requirement of being a paypal member. The address is spoof at paypal.com

OK, it’s almost definately a scam. I did a little investigating. I clicked the link and this is what I got:

Now the scammer has my email.

And now he has my debit card number and PIN, enabling him to buy things.

Pretty devious. Everyone watch out. Leo, I’ll send this to that email.

Since PayPal is still operated by the employees of the founders (and not by it’s owner eBay), complaints are being handled very seriously.

The IP is from a Korean ISP, so probably will ends in a “I don’t know english, I don’t remove the site/server.” kind of dialog. However it is important to report these fraud atempts!
As for many security things: services wont be able to take action without your feedback.

Even though this looks like just a simple CC# phising atempt, following these kind of links should always considered as dangerous. Often follow-up pages got agressive spyware or other mallicious code on it. Using a XP/FireFox combi to examine is disadviced.
Even if you have software like zone-alarm or anti-virus, it wont hurt to download http://www.lavasoftusa.com/ 's Ad-Aware Personal edition (if you don’t have it allready), and detect your machine.

It’s funny the page even asks for the ATM pin. This means they’re planning on writing your details on any kind of ATM-sized pass with a magnetic strip. This is relative easy, especially in the US.
I’ve seen this happening in a case almost 10 years ago (I think the 1st time I was in dialog with someone unable to handle weapons).
So, in another view you could consider the bad things on the internet as a blessing as well.
I bet you rather got robbed by a webpage than by someone who’s showing you a gun from an angle you rather don’t wanne see.
But of course the best is not to get robbed, and prevent others from being so.

I feel pretty safe on my computer, although I know it was risky. I figured it would be what it turned out to be.

I have ad aware, spyware seek and destroy, norton corporate AV, and am behind PSU’s firewall. Plus I kept a close eye on my bandwidth usage and transfers.

I thought you could use the PIN to order online. I mean I thought you needed it.

I figured it would be foriegn, which means much can’t be done punitively. Oh well…

“We are currently performing maintanance of your account… and we apologize for any incontinence it may cause.”

It’s ‘maintenance’ (I used my spell-checker)

and I’ve seen the term ‘incontinence’ in my asian students’ papers before when they mean ‘inconvenience.’

#1 Fraud alert: Bad spelling or grammar.

Just another tip I read somewhere. Don’t click a link in an e-mail to log into your account. A link can be set to auto-forward anywhere. Rather, open a new browser window, and login to your account as you normally would. Any announcements will show up when you login, and you don’t need to follow a “special” link in an e-mail. It’s a common technique to use links to make people go to a fake (real-looking, however) site, and give their personal info.

See what happens in your MSIE status-bar with this

<html>
<body>
<a href="http://www.microsoft.com/">
  <table>
    <tr>
      <td><a href="http://www.google.com/">Click here</td>
    </tr>
  </table>
</a>
</body>
</html>

Like Leo said, it’s called phishing. Somebody is “fishing” for your personal data, so they can rob you.

I have recently gotten a bunch of these communications from Citibank (only not Citibank). I also get the Paypal ones regularly.

Basically, if someone holding a “money” account for you needs you to contact them, they are more likely to do it through real mail, especially a bank like Citibank.

Be extremely careful any time you have to give out such information online. When you first sign up for something, it’s usually because you went to a company’s site and you’re setting up an account. It is very rare for them to ask you to “repeat” your account information to them. Don’t trust any request of this nature.

Ah yes, last month I saw both the CitiBank and PayPal one live!
I’ve seen valid logins being publishied (at a weblog I wont link) and keep working for over 24 h. Pretty scary. Unfortunely whitehats who are trieng to be helpfull are being threathened often and punished for that. Result: hackers don’t dare to report. Effect: such exploits become (and stay!) so called “private exploits”, got into wrong hands, and so today many corp’s are being blackmailed by big criminal organisations.

even i have received such email about concerning ebay product payment which i didn’t buy , so when ever you receive such email don’t click and login to paypal by their given links for more good information you can visit this site aboutpaypal.org .

by the looks of things its either a fake page that logs your credentials or a better way would be to run an invisible keylogger on your victims pc, it runs in such a way that it is only detectable in the processes menu. if that. then when they log into anything on their pc(msn, pay pal, online banking etc) the keylogger records i and intermittently sends it to you. you then have all their details.

this is why you should never open attatchments. or unknown files. if you suspect a keylogger boot your pc in safe mode and check out the system processes. anything suspicious, end it, and find where it lives on your pc, delete it and change all your passwords and cancel all accounts. or before you end the keylogger type an angry message to your hacker on your keyboard.:slight_smile:

Obie,

It is a scam. I’ve received many of the same email. What gives it away most times is that I get two sometimes three of the very same email at the same time from different phishers. It’s also interesting to mouse-over some of the links in the email to see where they really go.

Just delete it, consider it a way of modern life, and move on.

Bruce

Haha, November 2004. Be wary of ebay emails.