PayPal Password Scam (Update)


I need to clarify this story a bit more:

The reason I wrote in about this was because I’m amazed at how sophisticated and crafty this scheme was. When I initially got the email, which is an exact HTML duplicate of genuine PayPal mailings, I read the first line saying that my account is being investigated concerning fraud; I got so mad that I didn’t stop to examine the email.

The mailing included what appeared to be an HTML link to the PayPal Web site.

I clicked on the link thinking “now what has PayPal screwed up?” The website also looks exactly like a legitimate PayPal page, and I’m in such a hurry to figure out what the problem is that I just log in…

That’s when it hits me. This page is NOT a secure (HTTPS) site, and it is hosted somewhere other than the paypal domain. I know I just sent my account and password to some scumbag.

I quickly logged in to my PayPal account and changed my password (and then I updated a few of my other online passwords just to be safe). Then I called PayPal and alerted them. The woman I spoke to had me forward the email to a security person at PayPal. She seemed to believe that they were about to hear from a bunch of people concerning this particular scam soon.

I did also forward the entire email to uce@ftc.gov.

The bogus site was still active yesterday, but I’m happy to say it is now gone. I can’t imagine how many PayPal passwords they must have harvested in that short mailing.

I’m mostly freaked out about this scheme because I’m no newbie who falls for every little scam, but this was so well orchestrated that I have to teach myself to slow down and examine everything more carefully in the future.

When eBay, AOL and PayPal keep reminding us that they will NEVER ask for our passwords I feel pretty stupid – and fortunate that I caught myself at the very last second before my account could have been wiped out.

By Jason O'Grady

Founded the PowerPage in 1995.