PayPal hoax
Hmm, I wasn't intending to post another entry this soon, but I just got a rather worrying email. It appears to be from PayPal, but I think it's a hoax, so be very cautious if you receive something similar.
Key things that made me suspicious:
Once I got suspicious, I checked the source code of the message - although it appears to be from PayPal.com (according to the "from" email address), the form is set up to send its data to quiesy.portland.co.uk. And even if they are a registered subcontractor, a file called "boyz.php" doesn't sound very official to me. And finally, this email was sent to my old Demon address, rather than my new address (which is actually registered with PayPal, so the one that they'll use to contact me) - presumably this means that it's a wide scale thing, rather than anything that's specifically targetted at PayPal users.
Anyway, I've notified PayPal of this, and they should get back to me in a couple of days to confirm/deny.
So, assuming that I'm right, it's good to know that I'm getting less gulllible as time goes by. In this case, I think it helps that we covered social engineering as part of the Cryptography/Information Security course, which I was revising a couple of weeks ago.
Oh, and one last thing - I've included the entire email below (behind the cut tags), so that you can see it for yourselves. This should be obvious, but please don't enter your details and click the "log in" button!
Dear PayPal Customer
This e-mail is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes.
The inactive customers are subject to restriction and removal in the next
3 months.
Please confirm your email address and and Credit Card info
number by logging in to your PayPal account
using the form below:
This notification expires May 31, 2003
Thanks for using PayPal!
This PayPal notification was sent to your mailbox.
Your PayPal account is set up to receive the PayPal Periodical newsletter
and product updates when you create your account. To modify your notification
preferences and unsubscribe, go to https://www.paypal.com/PREFS-NOTI
and log in to your account. Changes to your preferences may take several
days to be reflected in our mailings. Replies to this email will not be
processed.
If you previously asked to be excluded from Providian product offerings
and solicitations, they apologize for this e-mail. Every effort was made
to ensure that you were excluded from this e-mail. If you do not wish to
receive promotional e-mail from Providian, go to http://removeme.providian.com/.
Copyright© 2002 PayPal Inc. All rights reserved. Designated trademarks
and brands are the property of their respective owners.
Key things that made me suspicious:
- They are asking for my password, which PayPal say they will never do.
- They shouldn't need my credit card number again, and giving a random person the number/expiration date would make it very easy for them to commit fraud (they could get my street address by logging into PayPal as me, once they have my email address and password).
- They definitely shouldn't need my ATM PIN!
- Although the email is dated tomorrow (Wed 4th June 2003), it says that it expires May 31, 2003.
- General point - if I'm going to enter stuff like this, I'd rather do it at the website, than typing into an email form.
Once I got suspicious, I checked the source code of the message - although it appears to be from PayPal.com (according to the "from" email address), the form is set up to send its data to quiesy.portland.co.uk. And even if they are a registered subcontractor, a file called "boyz.php" doesn't sound very official to me. And finally, this email was sent to my old Demon address, rather than my new address (which is actually registered with PayPal, so the one that they'll use to contact me) - presumably this means that it's a wide scale thing, rather than anything that's specifically targetted at PayPal users.
Anyway, I've notified PayPal of this, and they should get back to me in a couple of days to confirm/deny.
So, assuming that I'm right, it's good to know that I'm getting less gulllible as time goes by. In this case, I think it helps that we covered social engineering as part of the Cryptography/Information Security course, which I was revising a couple of weeks ago.
Oh, and one last thing - I've included the entire email below (behind the cut tags), so that you can see it for yourselves. This should be obvious, but please don't enter your details and click the "log in" button!
Dear PayPal Customer
This e-mail is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes.
The inactive customers are subject to restriction and removal in the next
3 months.
Please confirm your email address and and Credit Card info
number by logging in to your PayPal account
using the form below:
This notification expires May 31, 2003
Thanks for using PayPal!
This PayPal notification was sent to your mailbox.
Your PayPal account is set up to receive the PayPal Periodical newsletter
and product updates when you create your account. To modify your notification
preferences and unsubscribe, go to https://www.paypal.com/PREFS-NOTI
and log in to your account. Changes to your preferences may take several
days to be reflected in our mailings. Replies to this email will not be
processed.
If you previously asked to be excluded from Providian product offerings
and solicitations, they apologize for this e-mail. Every effort was made
to ensure that you were excluded from this e-mail. If you do not wish to
receive promotional e-mail from Providian, go to http://removeme.providian.com/.
Copyright© 2002 PayPal Inc. All rights reserved. Designated trademarks
and brands are the property of their respective owners.