PayPal Scam

ziggy on 2004-05-11T23:26:24

I got this spam in my inbox today. Where should I report this fraud to?

From service@paypal.com Tue May 11 15:52:55 2004
Return-Path: <service@paypal.com>
X-Original-To: me@home
To: me@home
Subject: Notification of PayPal Limited Account Access
From: service@paypal.com
Reply-To: service@paypal.com
Errors-To: service@paypal.com
X-Mailer: MSOUTLOOK / 4.3.5
Date: Tue, 11 May 2004 14:51:41 -0500

Dear PayPal user,

We recently reviewed your account, and suspect that your PayPal account may have been accessed by an unauthorized third party. Protecting the security of your account and of the PayPal network is our primary concern. Therefore, as a prevention measure, we have temporarely limited access to sensitive PayPal account features. Please click on the link below to confirm your information:

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

For more information about how to protect your account, please visit PayPal's Security Center, accessible via the "Security Center" link located at the bottom of each page of the PayPal website.

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire PayPal system. Thank you for your prompt attention to this matter.

Sincerely,

The PayPal Fraud Management Team

---------------------------------------------------------------

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the header of any page. Copyright © 2004 PayPal, Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners.

Let's see. My PayPal account has been hacked, even though I never opened a PayPal account. What's going on here?

This message is oozing scammyness, but the scammer covered his tracks better than most. The SMTP from header and all the email addresses look legit. Once I bothered to actually read this spam, it looked ever so slightly off (temporarely? Please). Mostly, it looked like it was cribbed from a real PayPal email, munged, and resent as a scam.

The really cruel bit of social engineering is the URL listed above. It looks like it's going to go to a secure page on the PayPal site, but it is actually a link to an insecure page behind some cable modem somewhere in Canada.

This is a guy I would like to see persecuted to the fullest extent of the law....
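
An added example, not part of the original post: one way to flag the trick described above, where the visible link text names one host while the underlying `href` points somewhere else. The HTML sample is constructed, and the target address 192.0.2.10 is a documentation-range placeholder, since the real link target is not shown in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href.strip(), "".join(self._text).strip()))
            self._href = None

def scheme_and_host(url):
    """Return (scheme, host) for an http(s) URL, or None for anything else."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return parts.scheme, host

def deceptive_links(html_body):
    """Report links whose visible text is a URL on a different host than href."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        shown, actual = scheme_and_host(text), scheme_and_host(href)
        if shown and actual and shown[1] != actual[1]:
            findings.append({"shown": shown[1], "actual": actual[1],
                             "downgrade": shown[0] == "https" and actual[0] == "http"})
    return findings

# Constructed sample: first link is deceptive, second one is consistent.
SAMPLE = ('<a href="http://192.0.2.10/cgi-bin/webscr">'
          'https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a>'
          '<a href="https://www.paypal.com/">https://www.paypal.com/</a>')
```

Links whose text is not itself a URL ("click here") are skipped by this check, so it only covers the case where the message displays one address and links to another.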


Paypal?

pjm on 2004-05-12T01:14:11

The paypal site has a section about these things: in particular...

"If you think that you have received a fraudulent email (or fake website), please forward the email (or URL address) to spoof@paypal.com and then delete the email from your mailbox."

Re:Paypal?

ziggy on 2004-05-12T02:59:21

Thanks. I don't deal with paypal, so I didn't know if/where they were accepting reports of these messages.

Re:Paypal?

brian_d_foy on 2004-05-12T05:12:24

When I forward these emails to them, I get some nice email from them. I think they have something on the other side that recognizes various scams.

Re:Paypal?

ziggy on 2004-05-12T12:54:12

The bot at spoof@paypal.com has a very quick, very courteous autoresponse:
Thank you for bringing this suspicious email to our attention. We can confirm that the email you received; was not sent to you by PayPal. The website linked to this email is not a registered URL authorized or used by PayPal. We are currently investigating this incident fully. Please do not enter any personal or financial information into this website.

...

Re:Paypal?

vsergu on 2004-05-13T14:55:43

On the other hand, I receive e-gold phishing attempts every couple of days, and the one time I forwarded one to e-gold they replied that they got enough reports and I didn't need to forward any in the future. I don't have an e-gold account, but if I did I'd be concerned about their lack of interest in shutting down scammers.

PayPal will always use your name

brian_d_foy on 2004-05-12T05:15:23

Legitimate email from PayPal will always use your name, by the way. Instead of "PayPal user", they will say "Dick Grasso", for instance.

I used to think that particular policy was weird, but now I understand.