Wednesday, August 3, 2011

Security FAQ - Fake Paypal email scam for phishing


Subject: Security FAQ

Sent Via Email Address: service@paypal.com

Determination: Scam email sent by recent person who I bought something from on Ebay as it uses a specially coded email address that could only be used by someone who I bought something from eBay from and was paid by PayPal. The scam PayPal phishing attempt was forwarded to Spoof@Paypal.com which is where you should send all fake paypal emails (after posting them here if they are different from the scam paypal email above)


Hello (((My Name Removed))),

As part of our security measures, we regularly screen activity in the PayPal system. We recently contacted you after noticing an issue on your account.

We requested information from you for the following reason:

A recent review of your account determined that we require some additional information from you in order to provide you with secure service.

Case ID Number: PP-254-697-502

This is a second reminder to log in to PayPal as soon as possible. Once you log in, you will be provided with steps to restore your account access.

Be sure to log in securely by using the following link:

Click here to login and restore your account access (((Link Removed)))

Once you log in, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.

In accordance with PayPal's User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to log in to your PayPal account as soon as possible to help avoid this.

To review your account and some or all of the information that PayPal used to make its decision to limit your account access, please visit the Resolution Center. If, after reviewing your account information, you seek further clarification regarding your account access, please contact PayPal by visiting the Help Center and clicking "Contact Us".

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Thanks,

PayPal Account Review Department

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the help link in the top right corner of any PayPal page.

----------------------------------------------------------------
Copyright © 1999-2011 PayPal. All rights reserved.

PayPal Email ID PP522

Fake Paypal address this would have gone to if I clicked: http://www.paypal.com.xe9gia8ue1n6eqs2e6rx.005yz7runweup48my1.com/cgi-bin/webscr/?login-dispatch&login_email=((( MY EMAIL ADDRESS )))&ref=pp&login-processing=ok

The PayPal real response:

Dear (((My Name Removed))),

The security of your financial information and transactions is the core of our business and our top priority at PayPal.

PayPal allows you to securely purchase items or send money without divulging your financial information to others. The only information you need to share with others is your email address, no credit card number or bank account number.

In order to protect you, PayPal automatically encrypts your confidential information in transit from your computer to ours using the most advanced encryption technologies.

Once your information reaches us, it resides on a server that is heavily guarded both physically and electronically. Our servers sit behind an electronic firewall and are not directly connected to the internet, so your private information is available only to authorized computers.

We also monitor transactions 24/7 and a team of experts works behind the scenes to help protect you.

The PayPal Security Center offers tips, techniques, and tools on how to stay safe online. For more information, go to https://www.paypal.com/securitycenter or click the "Security Center" link located on any PayPal website page.


Thank you for using PayPal!
The PayPal Team

Please do not reply to this e-mail. Mail sent to this address cannot be answered.

Next response from PayPal:
Hello Christopher Hibbard,

Thanks for forwarding that suspicious-looking email. You're right - it was a phishing attempt, and we're working on stopping the fraud. By reporting the problem, you've made a difference!

Identity thieves try to trick you into revealing your password or other personal information through phishing emails and fake websites. To learn more about online safety, click "Security Center" on any PayPal webpage.


Every email counts. When you forward suspicious-looking emails to
spoof@paypal.com, you help keep yourself and others safe from identity
theft.

Your account security is very important to us, so we appreciate your
extra effort.

Thanks,

PayPal


This email is sent to you by the contracting entity to your User
Agreement, either PayPal Ince, PayPal Pte. Ltd or PayPal (Europe) S.à
r.l. & Cie, S.C.A. Société en Commandite par Actions, Registered Office:
5th Floor 22-24 Boulevard Royal L-2449, Luxembourg RCS Luxembourg B 118
349.