PayPal® UPDATE TEAM <aw-confirmation@paypal.com>
Sent : Wednesday, December 8, 2004 4:56 AM
To : mercinary's email edited out
Subject : Credit/Debit card update


Dear valued PayPal® member:

It has come to our attention that your PayPal® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.

However, failure to update your records will result in account suspension.
Please update your records on or before November 27, 2004.

Once you have updated your account records, your PayPal® session will not be interrupted and will continue as normal.

To update your PayPal® records click on the following link:
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run
Mercinary's Note: (link actually goes here: http://update.paypal.com%01@64.182.19.192)

Thank You.
PayPal® UPDATE TEAM

Accounts Management As outlined in our User Agreement, PayPal® will
periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.
http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside



The real ip (if you ping paypal.com) is 216.113.188.32. The 64.182.19.192 is a site set up to look just like paypal and steal your login info!

-Merc

For anyone who received the same email, report it here:

https://www.paypal.com/us/cgi-bin/webscr?cmd=_contact

Use the form to select "Protections/Privacy/Security" ---> "Report Fake Site/Spoof"

OR

Use the form to select "Protections/Privacy/Security" ---> "Report Spam / Suspicious Email".


I just reported the site myself.

-Merc

I received this reply:


Thank you for contacting PayPal.

We appreciate you bringing this suspicious activity to our attention.

Please follow the instructions below to report any suspicious activity
associated with your PayPal Account:

1. Go to https://www.paypal.com/ by typing in the URL into your web
browser's address bar
2. Log in to your account, if able
3. Click on the Security Center link located at the bottom of the any
page
4. Click on 'Report a Problem'
5. Select the Topic: Report Fraud
6. Select the Subtopic from the list provided
7. Enter your question in the 'Summarize your question in one sentence'
box
8. Click Continue
9. Follow the instructions that are provided

If reporting a suspicious or potentially fraudulent email that you have
received, please forward the original email to us at spoof@paypal.com.
Immediately delete the email from your inbox once it has been sent.

If you have surrendered financial or password information to a suspicious
email or website, promptly report this to the issuing institution as well
as change your password and secret answers on your PayPal Account. This can
be completed in the Profile section of your account.

If we require additional information from you, we will notify you via
email. We thank you for helping PayPal become the most trusted payment
service on the Internet.
If you have any further questions, please feel free to contact us again.

Sincerely,
Candice
PayPal Resolution Services
PayPal, an eBay Company


-Merc

Watch out for this one that I just received from another Phisher looking for Paypal info:




Dear PayPal User,

PLEASE READ THIS NOTICE CAREFULLY.

You have received this Notice because the records of PayPal Inc. indicate you are a current or former PayPal account holder who has been deemed eligible to receive a payment from the class action settlement in accordance with PayPal Litigation, Case No. 02 1227 JF PVT,
pending in the United States District Court for the Northern District of California in San Jose.

In your specific case you have been found to be eligible for a payment of $13.65 USD.

The aforementioned settlement funds may be transferred directly to your bank account providing you have a linked debit card. The funds may not be credited directly to your PayPal account as this would render Paypal to be accumulating interest and thus profiting on litigation settlement funds which contravenes Federal law. Your bank account will be credited within 7 days upon submission of account details.

To credit your bank account please Click Here.

If you are seeking an alternate method of receiving your funds PayPal will be contacting those who do not submit their details by the 22th of December with instructions to receive a cheque in the mail. However this will incur a 7.5% processing fee deducted from the settlement amount and therefore PayPal only recommends this option to those users who do not currently have a bank account with linked Debit card.

Please Note that under United States federal law credit cards are not a legally approved method of settlement for Class Action suits and cannot be processed for transferal of funds in this case. Cards with Credit Card logos such as Visa or MasterCard are acceptable as long as they are Debit in nature.
This notice is a summary and does not describe all details of the settlement. For full details of the matters discussed in this notice, you may wish to review the Settlement Agreement dated September 11, 2004 and on file with the Court or visit https://www.paypal.com/settlement/. Complete copies of the Settlement Agreement and all other pleadings and papers filed in the lawsuit are also available for inspection and copying during regular business hours, at the Office of the Clerk of the Court, United States District Court for the Northern District of California, 280 South First Street, San Jose, California 95113.

PLEASE DO NOT TELEPHONE THE COURT REGARDING THIS NOTICE.
DATED: December 09, 2004
BY ORDER OF THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF CALIFORNIA


The link (where it says CLICK HERE) points to a 195.101.94.189 address which after looking at the pretend site, is a poor attempt at copying the Paypal site.

This is a new one that I haven't seen before, beware!

jokach

I dont know why, but I get paypal phishing emails seriously all the time, sometimes I'll get like 2 or 3 a day, a lot of them are the same, but the links will point to some different fake site. I've actually gotten tired of reporting them to paypal, I did at first, but I get them all the time, so I just delete them. Its weird too, cause I never get any other junk mail, or spam, cause I never give my email address out. Sometimes when I first got them, I would report them to paypal, and I would also lookup the ip it came from and report abuse to their isp.

What does paypal do to these site owners who send these phisher mails out? I never read about these scammers going to jail or anything like that.

It just seems that eBay's and PayPal's efforts against these threats are lackluster at best, and unfortunately these problems eventually become stolen accounts, which lead to bigger problems.

They take Phishing very seriously I imagine, but I bet it is hard to track down the originator. You don't hear a lot about Phisher's getting nailed though.

Internet policing is something that just isn't done well (yet). Someday I expect we will see a internet-bound police force. It really needs to be done, but I'm sure resources just aren't allocate for it.

-Merc

Yes, it is an inevitability.

Unfortunately, that will lead to so much more regulation that the 'Net will become another conquered frontier with much loss of freedom.

Those will be sad days. :(

I don't know what the deal is but I get really annoyed by it too. I get several of these at times from EBay and Paypal and other companies I have never even done business with. Fortunately, I have not fell victim to a single one yet. And some of them were pretty sneaky. That one posted on this thread about the Paypal settlement would be one I would put in the really sneaky category because that looks more realistic than a lot of them I get. At least it says your amount to receive is not some ridiculous amount so you get suspicious... It really annoys me. If they do come up with an internet police force I would love to be hired on it. I am so sick of this crap coming to my mailbox. The ones that make the maddest are the ones (I am assuming I am not the only one that gets these) that are for child porn. I looked up the Center for Exploited Children online and report most of those to them in hopes they might actually act on them. I have never even visited a porn site(not even accidentally) on my computer so there is no excuse for that garbage to come to me! I got one once that said I had subscribed to it and they were going to begin charging my credit card for some amount unless I logged into to their "link" and entered the same credit card information and requested they not charge it! Lucky me, I knew there should be no way in the world they would have that information so I just ignored them and reported them to the Center for Exploited Children. I explained in my email that I never visited to the site so I was only assuming it was of the content they were advertising in the email and if it was that to please do something. Anyway, just venting a little about how annoying it is to me too. Basically any email I get from Paypal,Ebay,AOL, or anyone else I go ahead and report it to them and tell them if it is a valid email to let me know directly and then I will follow instructions because I am not taking any chances!