PayPal users targeted by e-mail scam -- again

Users of online payment service PayPal have again been targeted by scam artists trying to steal their personal data, including name, address, home and work telephone numbers and credit card information.

Earlier last week, a reader e-mailed Computerworld saying he had received a message allegedly from "CustomerService@paypal.com" with the subject "PayPal Security Update." Last month, PayPal users were hit by a similar scam.

The Oct. 22 message, which arrived as an HTML e-mail replete with grammatical mistakes, was set up to mimic PayPal's Web site, and said: To confirm that you are an authorized PayPal member, authorization is needed. The New SSL 4.0 Secure Socket Layer has been updated to the PayPal servers. To be authorized, please visit https://www.paypalauthorization.com/. After completion, you will recieve[sic] and [sic] email confirmation within 24 hours of reciept [sic]. Thanks for using PayPal!, PayPal Security Team.

The Web site address listed in the e-mail took users to an official-looking site that asked for their personal information.

The reader said he was fooled into entering his user name and password, his address and half of his credit card number before he realized he had been scammed. He said he immediately changed his PayPal log-in password, removed his credit card and bank information from his PayPal profile, sent an e-mail to PayPal's customer service department and filed a complaint with the U.S. Federal Bureau of Investigation (FBI)'s Internet Fraud Complaint Center.

As of late Thursday Eastern time, the spoofed PayPal site was still available. It wasn't available last Friday.

PayPal spokeswoman Julie Anderson said the company was notified of the spoof site Thursday morning, immediately contacted the Web host for the site and asked that it be removed. The company also plans to file a suspicious activity report with law enforcement officials.

Previously, Anderson had said spoof sites are very common. She said the scam artists probably got hold of a database and sent messages to thousands of people, hoping to hit some PayPal account holders.

"[These scams] happen often, and they happen often to successful Web sites like eBay, PayPal and other financial services sites," Anderson said last month. "Fortunately, we know from experience that PayPal users are for the most part savvy enough not to fall for them. But in the end, if they do, they are certainly not liable for any losses."

A "whois" search on the domain name used in this week's scam showed that it was registered on Sept. 29, 2002, to a woman in Jacksonville, Fla. However when reached for comment, the woman said she was the victim of a similar scam targeting users of Dulles, Va.-based America Online Inc. (AOL).

The woman said she had only been a member of AOL for one week when she received a message allegedly from the company saying there was a problem with the credit card information she had provided and her service would be shut off immediately if she didn't provide the number of a different credit card.

She said she complied with the request and then said she was asked to resubmit the number and expiration date of the card she originally provided. Again she complied with this request.

Shortly thereafter, the issuing banks called her because they determined there had been some suspicious activity on her card. She said that's when she realized she had been victimized.

AOL couldn't be reached for comment Friday.

Russ Cooper, a security consultant at TruSecure Corp. in Herndon, Va., said that in addition to the security center PayPay has on its site -- complete with tips for users, including a warning that they never share their PayPal password with anyone -- the company could do more to protect users.

He suggested that PayPal use digital signature technology that would allow users to determine the veracity of an e-mail purporting to be from PayPal. He also said PayPal could alert users to this technology by posting information about it on a prominent place on its site.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Linda Rosencrance

Computerworld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?