Alan K. Henderson's Weblog



Monday, August 15, 2005

Don't Feed The Phish

I got one of those bogus emails today. Here's a partial transcript:

Unauthorized person tried to reset the password from your paypal account. We would like to ensure that your account
was not accessed by an unauthorized third party. Because
protecting the security of your account is our primary concern,
you have to fill in the affidavit form. To download the form click [embedded hyperlink removed].
Please send a fax in the next 24 hours to 1(800) 479-6795 with affidavit form completed.

(That 800 number does not exist.)

Any time you get an email from someone claiming to be PayPal (or eBay, which owns PayPal) requesting some kind of response from you for security reasons, don't take the bait - not even if you see the PayPal/eBay logo in the email. These are scams to get you to unwittingly send the phishers your PayPal/eBay password.

I reported this email to PayPal, and got this emailed response:

Commonly referred to as phishing, these emails are sent by fraudsters in
an attempt to collect sensitive personal or financial information from
the recipients. PayPal takes phishing threats seriously. Our fraud
prevention specialists are working 24/7 to help protect you and enable
the community to stay safe.

After review, we can confirm that the email you received was not sent by
PayPal. Any website which may be linked to this email is not authorized
or used by PayPal.

Our fraud prevention team is working to disable any website linked to
this email. In the meantime, please do not enter any information into
this website. If you have already done so, you should immediately log
into your PayPal account and change your password, as well as your
security questions and answers. We also recommend that you contact your
bank and credit card company immediately.

If you notice any unauthorized activity on your PayPal account, please
report it to us by following the instructions below:

1. Log in to your account only from the PayPal website. Do not use
links provided in any email.

2. Click on the Security Center link at the bottom of the page.

3. Click on the 'Unauthorized Transaction' link under the Report a
Problem column.

4. Follow the instructions on this page in order to access the
appropriate form.

Lastly, we recommend taking a few steps to protect yourself from
identity theft:

> Download the SafetyBar, a toolbar for Outlook and Outlook Express, which identifies known spoof emails.
> Get eBay Toolbar with Account Guard which warns you when you're on a potentially fraudulent (spoof) Web site.
> Frequently monitor your account for suspicious activity.

For additional tips please visit the PayPal Security Center at
