PayPal users targeted by e-mail scam -- again

Users of online payment service PayPal have again been targeted by scam artists trying to steal their personal data, including name, address, home and work telephone numbers and credit card information.

Earlier last week, a reader e-mailed Computerworld saying he had received a message allegedly from "CustomerService@paypal.com" with the subject "PayPal Security Update." Last month, PayPal users were hit by a similar scam.

The Oct. 22 message, which arrived as an HTML e-mail replete with grammatical mistakes, was set up to mimic PayPal's Web site, and said: "To confirm that you are an authorized PayPal member, authorization is needed. The New SSL 4.0 Secure Socket Layer has been updated to the PayPal servers. To be authorized, please visit https://www.paypalauthorization.com/. After completion, you will recieve [sic] and [sic] email confirmation within 24 hours of reciept [sic]. Thanks for using PayPal!, PayPal Security Team."

The Web site address listed in the e-mail took users to an official-looking site that asked for their personal information.

The reader said he was fooled into entering his user name and password, his address and half of his credit card number before he realized he had been scammed. He said he immediately changed his PayPal log-in password, removed his credit card and bank information from his PayPal profile, sent an e-mail to PayPal's customer service department and filed a complaint with the U.S. Federal Bureau of Investigation (FBI)'s Internet Fraud Complaint Center.

As of late Thursday Eastern time, the spoofed PayPal site was still available. It wasn't available last Friday.

PayPal spokeswoman Julie Anderson said the company was notified of the spoof site Thursday morning, immediately contacted the Web host for the site and asked that it be removed. The company also plans to file a suspicious activity report with law enforcement officials.

Previously, Anderson had said spoof sites are very common. She said the scam artists probably got hold of a database and sent messages to thousands of people, hoping to hit some PayPal account holders.

"[These scams] happen often, and they happen often to successful Web sites like eBay, PayPal and other financial services sites," Anderson said last month. "Fortunately, we know from experience that PayPal users are for the most part savvy enough not to fall for them. But in the end, if they do, they are certainly not liable for any losses."

A "whois" search on the domain name used in this week's scam showed that it was registered on Sept. 29, 2002, to a woman in Jacksonville, Fla. However, when reached for comment, the woman said she was the victim of a similar scam targeting users of Dulles, Va.-based America Online Inc. (AOL).

The woman said she had only been a member of AOL for one week when she received a message allegedly from the company saying there was a problem with the credit card information she had provided and her service would be shut off immediately if she didn't provide the number of a different credit card.

She said she complied with the request and then said she was asked to resubmit the number and expiration date of the card she originally provided. Again she complied with this request.

Shortly thereafter, the issuing banks called her because they determined there had been some suspicious activity on her card. She said that's when she realized she had been victimized.

AOL couldn't be reached for comment Friday.

Russ Cooper, a security consultant at TruSecure Corp. in Herndon, Va., said that in addition to the security center PayPal has on its site -- complete with tips for users, including a warning that they never share their PayPal password with anyone -- the company could do more to protect users.

He suggested that PayPal use digital signature technology that would allow users to determine the veracity of an e-mail purporting to be from PayPal. He also said PayPal could alert users to this technology by posting information about it in a prominent place on its site.

Linda Rosencrance

Computerworld