PayPal users targeted by e-mail scam -- again

Users of online payment service PayPal have again been targeted by scam artists trying to steal their personal data, including name, address, home and work telephone numbers and credit card information.

Earlier last week, a reader e-mailed Computerworld saying he had received a message allegedly from "" with the subject "PayPal Security Update." Last month, PayPal users were hit by a similar scam.

The Oct. 22 message, which arrived as an HTML e-mail replete with grammatical mistakes, was set up to mimic PayPal's Web site, and said: To confirm that you are an authorized PayPal member, authorization is needed. The New SSL 4.0 Secure Socket Layer has been updated to the PayPal servers. To be authorized, please visit After completion, you will recieve[sic] and [sic] email confirmation within 24 hours of reciept [sic]. Thanks for using PayPal!, PayPal Security Team.

The Web site address listed in the e-mail took users to an official-looking site that asked for their personal information.

The reader said he was fooled into entering his user name and password, his address and half of his credit card number before he realized he had been scammed. He said he immediately changed his PayPal log-in password, removed his credit card and bank information from his PayPal profile, sent an e-mail to PayPal's customer service department and filed a complaint with the U.S. Federal Bureau of Investigation (FBI)'s Internet Fraud Complaint Center.

As of late Thursday Eastern time, the spoofed PayPal site was still available. It wasn't available last Friday.

PayPal spokeswoman Julie Anderson said the company was notified of the spoof site Thursday morning, immediately contacted the Web host for the site and asked that it be removed. The company also plans to file a suspicious activity report with law enforcement officials.

Previously, Anderson had said spoof sites are very common. She said the scam artists probably got hold of a database and sent messages to thousands of people, hoping to hit some PayPal account holders.

"[These scams] happen often, and they happen often to successful Web sites like eBay, PayPal and other financial services sites," Anderson said last month. "Fortunately, we know from experience that PayPal users are for the most part savvy enough not to fall for them. But in the end, if they do, they are certainly not liable for any losses."

A "whois" search on the domain name used in this week's scam showed that it was registered on Sept. 29, 2002, to a woman in Jacksonville, Fla. However when reached for comment, the woman said she was the victim of a similar scam targeting users of Dulles, Va.-based America Online Inc. (AOL).

The woman said she had only been a member of AOL for one week when she received a message allegedly from the company saying there was a problem with the credit card information she had provided and her service would be shut off immediately if she didn't provide the number of a different credit card.

She said she complied with the request and then said she was asked to resubmit the number and expiration date of the card she originally provided. Again she complied with this request.

Shortly thereafter, the issuing banks called her because they determined there had been some suspicious activity on her card. She said that's when she realized she had been victimized.

AOL couldn't be reached for comment Friday.

Russ Cooper, a security consultant at TruSecure Corp. in Herndon, Va., said that in addition to the security center PayPay has on its site -- complete with tips for users, including a warning that they never share their PayPal password with anyone -- the company could do more to protect users.

He suggested that PayPal use digital signature technology that would allow users to determine the veracity of an e-mail purporting to be from PayPal. He also said PayPal could alert users to this technology by posting information about it on a prominent place on its site.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Linda Rosencrance

Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?