New Phishing Scam Hits PayPal Users

[Chops]

PayPal took action on Friday to close down a telephone number used in a new type of phishing scam designed to steal account information from unsuspecting customers.

According to Sara Bettencourt, a PayPal spokesperson, the scam worked by criminals sending an offical-looking e-mail to PayPal users around the world, requesting that they call an account-verification phone number to update key account details.

"The phishers never stop innovating when it comes to social-engineering techniques," said Avivah Litan, an analyst at Gartner.

"This new one gets around consumer fears of clicking on URLs embedded within e-mails, and the criminals are likely to get a higher response rate than the typical 3 percent they get with URL-based e-mail scams," she noted.

Phone Scam

Through Voice over Internet Protocol (VoIP) services, such as Skype or Vonage, it is relatively easy to obtain a local telephone number without having any physical location tied to it. Phishers then build bogus telephone systems around the number to mimic those of genuine online-banking organizations, said Graham Cluley, a senior consultant at security firm Sophos.

"Consumers accept that many online companies won't have a local number to call when you need help," he said. "When it's something as important as a security issue with your account, that'll be a strong incentive to the unguarded to make the call."

The latest scam to hit PayPal was doubly innovative. In addition to using an official-sounding telephone tree, the e-mail was able to make it through spam filters to many inboxes because it was sent out as an image -- containing no actual words in the message.

"This is done by the phishers to try and circumvent less sophisticated antispam filters, which may try and block e-mails based upon the text content or links contained inside the message," said Cluley.

PayPal Cover

While the scam might sound serious, there is good news for any concerned PayPal users, and particularly for those who did call the number and go through the fake account-verification process.

"PayPal will always reimburse all its users worldwide for unauthorized use of the PayPal account," said Bettencourt, who recommended that if customers entered their account details after calling the bogus telephone number, they should log in on the PayPal site and change their passwords.

Diane Shaib, executive vice president of Orbiscom, a security company specializing in online-payment systems, noted that PayPal is among the top five U.S. financial services Web sites that get targeted by phishers.

"PayPal is extremely vigilant in taking steps to shut down phishing Web sites," said Shaib. "The problem is that there is always going to be a very small percentage of people who receive phishing e-mails and respond to them."

 

[FlipTrac_511]

Thanks for the heads-up. I already got two very authentic lookings ones from PayPal (or not). Good thing I never reply to such things.

 

[Tracn Black]

Yea me too !!!:angry:

 

[Deleted deleted]

lol I get those too, and I don't even have a PayPal account.

 

[Curt NA]

thx, I had not heard of this scam yet...

 

[Paul Howard]

I made a bid on a laptop computer on Ebay several weeks ago and lost the auction. Yesterday I recieved a "second chance offer" that looked like it came from Ebay. The amount of money I had bid was extremely low so I got suspicious. I forwarded the offer to [email protected] and recieved a message back that it was bogus and was a phishing email. It sure looked good to me. Glad I only bid $500.00 on a $2300.00 computer.

 

[Aaron Yarbough]

This is good to know, I have received these emails before that appear to be from PayPal but they are not. Gotta stay on your P's and Q's in todays world, especially around the holiday season. The scammers are doing there best work this time of year.

The newest scam involving the Gift Cards shows that they are always discovering new ways to rip people off.

 

[Fred]

Whoa! I saw Darin a couple posts up from the bottom and thought, "oh Darin's back". lol.

 

[Casey B]

I got 2 emails recently. I always know when they are fraudulant because I deal with my paypal account every day or two. Forward them to [email protected] and they will handle it.

 

[Richard L]

I get PayPal phishing emails about once a week.



The biggest thing to remember about PayPal, is if they do send you and email it will address you by your full name (First and Last) They will not send you an email that says: "Dear PayPal Member".



The criminals sending out the phishing emails don't know what your name is so they try to sneek by with the generic greeting. I just dump them in the trash.



The only disappointing news in PayPal's announcement is that there were no arrests made. They just shut down the telephone lines that the criminals used. I find it amazing that the crooks can get telephones with phoney credentials or no credentials, yet I have to give my life's history and leave my first male born child as collateral. :wacko:



...Rich

 

[Ryan Schaecher]

When it comes to PayPal and eBay, I never click links in an e-mail. I ALWAYS go through the front door. It's that way with anything to do with money or auction/purchase type stuff. Too hard to tell what's real and what's not.



IE7 has the phishing filter built in (too bad it's so freakin slow), but I can't trust it.