paypal

PayPal phishing - again

PayPal is a great tool for many of us, and as with all great tools, it has become a target for criminals. And since it is usually so much easier to fool a person than a full-fledged, security-enabled tool, phishing attempts are going on all over.

And to no surprise, I am not free from the attempts. This one I got today:

Dear Kai Roer ,

PayPal Resolution Center: Your account is limited.

Why is my account access limited?
As part of our security measures, we regularly screen activity in the PayPal system. During a recent screening, we noticed an issue regarding your account:
Our system detected unusual number of invalid logging attempts on you account from these Blacklist ip address. (Your case ID for this reason is PP-0041310.)

How can I restore my account access?
For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause. In order to assist us with this security measure, we ask that you send us a photocopy or scan of one document from each of the three categories listed below and return them via email to security@paypalfraudcheck.com

- A clear copy of your Passport, Photographic Drivers Licence or I.D. Card (both sides).
- A clear copy of both sides of the credit/debit card on your paypal profile.
- A clear copy of a recent bank statement or utility bill on which your name and address are clearly visible - less than 3 months old.

Completing all of the checklist items will automatically restore your account access

Thank you for using PayPal!
The PayPal an eBay Company



And as you can see, the e-mail is well written, and seems quite believable. At least it does to me. Except when they want me to send a full copy of my passport, and a bank statement! Hello! Wait a second. There are no reasons why PayPal would want - or even need that.

So, I decide to visit PayPal just to make sure. I type (yes, type) the address in my browser, and log in. Sure enough, nothing is wrong.

Next, I visit the security center of PayPal, and forward them the e-mail I got. The good thing about PayPal is that they do take these things seriously, so when I sent it, I received an answer only a few hours later (and this is during working hours in Europe!)

Their answer is:

Dear Kai Roer,
Thanks for taking an active role by reporting suspicious-looking emails.
The email you forwarded to us is a phishing email, and our security team is working to disable it.
**************************
What is a phishing email?
**************************
Phishing emails attempt to steal your identity and will often ask you to reveal your password or other personal or financial information. PayPal will never ask you for your password over the phone or in an email and will always address you by your first and last name.
Take our Fight Phishing Challenge at https://www.paypal.com/fightphishing to learn five things you should know about phishing. You'll also see what we're doing to help fight fraud every day.
***************************
You've made a difference
***************************
Every email counts. By forwarding a suspicious-looking email to spoof@paypal.com, you've helped keep yourself and others safe from identity theft.
Thanks,
The PayPal Team


I suggest you keep an eye out for phishing attempts on your PayPal account. Take the PayPal Fight Phishing Challenge. And stay on alert at all times. These things get more and more realistic every day, and you need to check things before you click or answer such emails.
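As an added example (not part of the original post, and not PayPal's own tooling), here is a small Python check for the two tells in the message above: a contact address on a domain that merely contains the brand name, and a request for identity documents. The keyword list, the function names and the sample headers are assumptions made for illustration; only `security@paypalfraudcheck.com` and the `paypal.com` domain come from the e-mails quoted here.

```python
import re
from email import message_from_string
from email.utils import getaddresses

LEGIT_DOMAIN = "paypal.com"   # the domain PayPal's own reply uses (spoof@paypal.com)
BRAND = "paypal"
# Assumed keyword list: the documents the message above asks for.
SENSITIVE = ("passport", "bank statement", "credit/debit card", "utility bill")

def belongs_to(host, domain=LEGIT_DOMAIN):
    """True only for the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit(raw):
    """Return a sorted list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    senders = msg.get_all("From", []) + msg.get_all("Reply-To", [])
    hosts = {addr.rpartition("@")[2] for _, addr in getaddresses(senders)}
    # Hosts of addresses and links mentioned in the body text.
    hosts |= {m.group(1) for m in re.finditer(r"@([\w.-]+\.[a-z]{2,})", body, re.I)}
    hosts |= {m.group(1) for m in re.finditer(r"https?://([\w.-]+)", body, re.I)}
    findings = []
    for h in hosts:
        # Brand name in the host, but not a paypal.com host: a lookalike.
        if BRAND in h.lower() and not belongs_to(h):
            findings.append(f"lookalike domain: {h.lower().rstrip('.')}")
    for word in SENSITIVE:
        if word in body.lower():
            findings.append(f"asks for: {word}")
    return sorted(findings)

# Constructed sample: the headers are invented, the body follows the message above.
SAMPLE = """\
From: "PayPal Resolution Center" <service@paypal.com.example.net>
Reply-To: security@paypalfraudcheck.com
Subject: Your account is limited

Please send a clear copy of your Passport and a recent bank statement
to security@paypalfraudcheck.com
"""

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

The suffix test in `belongs_to` is the important part: a host that merely contains or starts with `paypal.com` is not a PayPal host, which is the same thing you are checking when you read the address bar.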


What is your experience with phishing? What did you do? How did you discover it?


Chris Pirillo update on his PayPal loss

Chris Pirillo made an update regarding his losing US$450,- from his PayPal account.

The post of his includes some tips (known to most of us, but no harm in repeating) on how to stay (more) secure when it comes to PayPal and online shopping:

(cut'n'pasted from Chris' post)

  1. The first thing, it all starts with a clean computer system. A computer system with viruses or keyloggers may cause unauthorized people to be inside of your PayPal account. Use security programs on your computer.
  2. Make sure the site you are in is the verified PayPal site, and not a Phishing site. You can check this out by checking the domain name in the browsers url bar. You should see PayPal’s actual site address, and not something else.
  3. Don’t keep large amounts of money in your PayPal account, because people can easily send your money to other accounts in a blink of an eye if they gain access to it. Instead of keeping it on PayPal, keep it inside your bank account.
  4. Check your PayPal history on a daily basis. This way, you can stop money from being transferred if you see it happening when and where it shouldn’t be.
  5. This may be common sense, but use a strong password! Use a mixture of lowercase, uppercase, symbols, and numbers. Make it harder for a hacker to guess to begin with! Reading this post by Chris may help.
  6. When you’re buying something with PayPal, be sure to check that the site you are on is secure. Do this by checking the url bar. The site should contain “HTTPS”. This will help you determine if the site is fraudulent or not. You can also do research on Google about certain sellers that you may not be sure of.
  7. Shop with well-known companies who have established a good reputation.



He explains the case here:



Do You Have a Problem with PayPal?

PayPal taking the side of Fraudsters?

It seems PayPal makes its own rules whether or not to accept that a customer has experienced unauthorized payments from his or her account. Not a good policy, IMO.

Take this story from Chris Pirillo.
A summary: someone was able to retrieve his iTunes password thanks to lax password retrieval security over at Apple. (Apple have now resolved the issue, according to the story). Using Chris' account, the fraudster was able to deduct US$450 from Chris' PayPal account - cash spent on iTunes Gift Cards.

With this background, and the backing by Apple, you would think Chris would get his funds back, right?

Wrong!

As it turns out, PayPal deems the deduction was

"not an instance of unauthorized account activity"

and decides that they will NOT return the funds stolen.

What should PayPal do? Should they turn around?
Perhaps it is time to use the Marketing Power, and stop using PayPal until they reach a better vetted stand?

And - is this the first time PayPal does this, or is Chris' case the last in a long row?

Can we trust a banking service that does not care for its customers?

Do you think PayPal is taking the side of the fraudsters in this case?