PayPal Phishing Warning

July 20, 2004, updated August 6, 2004
6 days after I contacted paypal they managed to get the site taken down.
I just recently got the following email:
From : service@paypal.com
Reply-To : service@paypaI.com
Sent : Tuesday, July 20, 2004 12:39 AM
To : undisclosed-recipients:
Subject : Customer Service
Dear PayPal valued member,
Due to concerns, for the safety and integrity of the PayPal
community we have issued this warning message.
It has come to our attention that your account information needs to be renew
due to inactive members, spoof reports and frauds.
You must to renew your records and you will not
run into any future problems with the online service.
However, failure to update your records will result in account deletation.
This notification expires on July 21, 2004.
Once you have updated your account records your PayPal will not be
interrupted and will continue as normal.
Please follow the link below
and renew your account information.
...link removed...

However, note that the actual link, while it looks like a valid paypal address, is "http://secure04.paypal.linkcall.net/.../pp/". If you haven't picked up on it yet, the site actually points to a site that is NOT paypal related.

What's even cooler, is they've replicated the real site awesomely (not hard to do).

Screenshot.png

This is an example of phishing. What they do is create a replica site, get you enter in your credentials, and then they store them and use them later leaving you with an invalid login page or redirecting you to the real site making it look like you accidentally entered in the wrong information. You never really know you got taken. I'd estimate that a shit load of people fell victim to it and are now having shit loads of money stolen from them. I submitted the site to paypal, but who knows what will actually happen.

Related Posts

1 Comment

Comment January 12, 2006 by anonymous
Hi, I got the same mail in my mailbox...and told Paypal about it. They said they would never start a mail with "Dear valued member" they would always address you with your full name. Be careful out there.