Please DO NOT TRY to access the site. Please do not click on any links that appear in this post-
Dear current verified Paypal Member,
In our database, we have come across an error in your account. You
have violated our Policy. It was under Fraud Review code 48326. Please
understand that its your responsibility to follow our instructions to
avoid Account Termination. Click <a
href="http://209.90.125.216/ddpham/48326">here</a> to Log on to your
account. After logging on, verify your information. Please update your
record by adding an additional credit card. Disregard this letter if
you have already verified your updated information.
PayPal Account Review Department
http://www.paypal.com
posted on March 15, 2002 02:26:30 PM new
So Damon, have you figured out which of your co-workers is hosting these scam sites yet?
You need to make a bigger disclaimer at the top of your posting - Say something about when it was sent, how many have reported receiving it, that going to that web-site will likely cause their account to be hacked... etc.
Just saying "Don't access this site / Don't click on the link below" isn't really enough. Most people only know that 'links' are there to be 'clicked on'. You also said not to click on any link that appears in this post - shouldn't you advise everyone that "If you receive this e-mail, DO NOT click on the link that appears IN THE E-MAIL or try to access that web-site"?? And shouldn't you advise them who they should contact if they receive it??
posted on March 15, 2002 03:41:04 PM new
Hi ltlcrafty1,
"You need to make a bigger disclaimer at the top of your posting - Say something about when it was sent, how many have reported receiving it, that going to that web-site will likely cause their account to be hacked... etc."
I would not know:
a) how many users received the email
b) how many have reported receiving it
The warning was put out so users WOULD NOT enter information at a site that has a numerical value in the URL. As always, users need to login at www.paypal.com only.
posted on March 15, 2002 09:53:16 PM new
You gotta be kidding... is this PayPal fraud protection in action?? Post it to a public forum and hope a few people see it? Good job Damon... you earned your pay this month!
[ edited by frustratedguy on Mar 15, 2002 09:58 PM ]
posted on March 16, 2002 05:07:09 AM new
You guys are unreal.........
haven't any of you guys read the paypal site, or more importantly the "You've got cash" or "notification of an Instant Purchase......." emails?
At the bottom of each email it reads.......
"Note: When you login to your PayPal account, be sure that the website's URL always begins with "https://www.paypal.com/". The "s" in "https" at the beginning of the URL means you are logging into a secure page. If the URL does not begin with https, you are not on a PayPal page.
----------------------------------------------------------------
PROTECT YOUR PASSWORD
NEVER give your password to anyone and ONLY log in at
https://www.paypal.com. If anyone asks for your password, please
follow the Security Tips instructions on the PayPal website."
This to me is a warning that is given each and every time the transaction is done on the paypal website.
What happens is people only read what they think is important (ie., How much money they received or sent) and that is the end of it. Just a few more lines of reading and following a few simply rules and they will know not to log into anywhere but a site that reads https://www.paypal.com.
Blame paypal all you want for users giving out their passwords to thieves, but in reality the user made a bad choice by not reading emails or information easily found on the paypal website.
posted on March 16, 2002 11:20:31 AM new
An example of why PayPal is so easy to hack is that the kind of scam email that Damon posted, is exactly the kind of email that you'd expect from PayPal. It's so much of what you'd expect from PayPal you probably wouldn't even be suspect. (They seem to be always asking for verification of one thing or another.) On the other hand, if you got this kind of email from your bank or credit card company... you'll much more likely to be suspect and call them. (And get someone immediately!)
posted on March 18, 2002 11:09:09 AM new
You want to talk about UNREAL?
I asked damon a series of 'Shouldn't you have advised everyone of...'s. He attempted to answer 1 (i.e., I wouldn't know how many users received the e-mail or how many reported receiving it). What about who they should contact if they DO receive it? What about not clicking on the link in the EMAIL if it is received?
What about puting in your "warning" the fact that when logging onto a paypal site, it needs to begin w/'https' - even in your response, you only advised that it was 'www....'.
posted on March 18, 2002 03:46:42 PM new
ltlcrafty1,
Please look at my post again and NOTE -
"Note: When you login to your PayPal account, be sure that the website's URL always begins with "https://www.paypal.com/". The "s" in "https" at the beginning of the URL means you are logging into a secure page. If the URL does not begin with https, you are not on a PayPal page"
the warning about that https: that you state is so important IS ALREADY included in the paypal emails that are sent out.
I think the topic of SCAM SITE WARNING is enough of a warning for for most people. There are always going to be people, that no matter how many alerts they receive (ie., like the warning at the bottom of EVERY EMAIL from paypal, they will still try to access a scam site.
I don't know if things are different on your side or not, but if I click on your link or if I just type the paypal address into my browser, when the page loads, and I look back at the address bar it states https://www.paypal.com . I believe it automatically takes to the https:
posted on March 20, 2002 03:39:32 AM newHow come you can also log in with: http://paypal.com/
There is no S in this address.
If you log in with http://paypal.com the moment you click on the "log in" button you'll see the address in your browser URL window change to https. If you have cookies on your browser it will change before you even click on the "log in button"
Same goes for http://x.com. You probably won't have a cookie for that URL, but watch the browser URL address the moment you click on the logon button.
Always look at the URL address on your browser before entering a password.
Always look at the URL address on your browser before entering a password.
The URL link you click on isn't necessarily where you mean to go, like this https://www.paypal.com
