[BenP]

I got this email from service@paypal.com...



It looks official, but it seems kind of suspicious. Should I go ahead and verify my account? I'm thinking no, but figured I should ask.

Oh, and sorry if this should be in GB. I wasn't sure.

[SledgeHammer]

If you want to check whether or not it's real, your best bet would be to ignore the link in the email and navigate and sign into PayPal normally. If they really want some kind of verification, it should say so when you sign in legitimately.

[scratt]

Quote:

Originally Posted by SledgeHammer If you want to check whether or not it's real, your best bet would be to ignore the link in the email and navigate and sign into PayPal normally. If they really want some kind of verification, it should say so when you sign in legitimately.

Seconded.

[FFL]

phresh phish!

yeah, it's 99% sure to be fake. Try the command View -> Message -> Long Headers and see what it says. Also, there is no harm in actually clicking the link (just don't enter the info) to see what actual address it leads to.

[Bancho]

If it was REALLY from Paypal and REALLY so important, don't you think that maybe, JUST MAYBE, they'd address you by name instead of some generic form letter with no identifying info whatsoever??

I get so many of these it's not funny. I get all the ones from different banks telling me to verify my info as well. The best part is I have no accounts with any of these banks. Apparently I've won a lot of lotteries and they desperately need my info so I can claim my millions that I've won too.

Do as others have suggested for your own peace of mind and surf to Paypal manually.

I'll give yahoo some credit, since they are my sacrificial email address. They catch nearly all these messages as spam and stick them in my bulk folder.

[spotcatbug]

Just ignore it. 100% fake.

[DMBand0026]

Don't forget to give them your social security number. That's vital to verifying your account.

[chucker]

The suspicious part is "undisclosed-recipients". They would personally address you. All PayPal e-mails I receive are addressed to my full name and my personal e-mail address.

That said, if you haven't verified your PayPal account, which basically means allowing them to check you have an actual bank account, you should eventually do it. Go to PayPal's website to check.

[csb]

I would take it as FAKE, i haven't had an acct with paypal since my credit card expired and i didn't give them the new expire date and that was over a year ago, I just recently got an e-mail just like yours. In fact there was another one in my inbox today different then the first.
I couldn't log onto the Paypal site because i don't remember my password and acct should be closed anyway, but i wish there was a way to contact there support to check this out with them (I can't find a link to any e-mail address on the paypal site)

[Brad]

Well, if nothing else, this thread has served to remind me just how hideous the default Mail icons look. *shudder*

[torifile]

If you're ever unsure about the validity of an email or want to see if it's real, it's always best to go to the site DIRECTLY in your browser. Don't click on any links in the email. Just go to paypal.com and "verify" that way.

[ShadowOfGed]

Quote:

Originally Posted by FFL Also, there is no harm in actually clicking the link (just don't enter the info) to see what actual address it leads to.

No! Don't click the link.

I got a fraudlent "Citibank" email today; the link included a bunch of characters at the end, which presumably form some kind of unique identifier. What's worse is the one I got had my first name, last name, and address correct. Somebody bought information. The hostnames, IP addresses, and other stuff was bogus though.

Tip 1: Legitimate emails will always include your full name as registered with eBay, PayPal, whoever.
Tip 2: Hover over links to see the URL before you click them. Fraudulent ones often look like (for example, mine today) "www.citibank.com.user346543.com/[UniqueID_Junk]." The first three parts make it look like citibank.com if you're not careful.
Tip 3: Any institution like eBay or PayPal will almost assuredly have all links point to HTTPS servers, thus beginning with "https://" so if yours begins only with "http://", be careful.

I won't repeat what they said above, but the idea of only logging in manually and not following links sounds like a good tip I hadn't heard before.

[Phoenix]

I got this email a while ago. I didn't click the link nor did i follow it up. Nothing has come of it since then. And i have used pay-pal since the email as well.

It's a fake.

[Franz Josef]

I wouldn't cllick on the link if I were you. If you have a static IP address they will likely flag you and send other spam / phishing emails.

[*Joe*]

In the past I have had various phishing emails in the guise of paypal, if you forward them, including headers to: spoof@paypal.com they will reply either confirming or denying that it is theirs. Most of the time you can tell anyway, but it just keeps them aware of the current problem.

[alcimedes]

Not just that, some browser/java base exploits are cross platform, and you may not be as safe as you think.

Some of the smarter phishing e-mails will send you to paypal's actual website, while opening an invisible window that tracks the information you're entering into paypal's website.

Not sure if those exploits are still around, but when they first came out I remember they were quite nasty.

[Legodude522]

Its FAKE. I have been getting these even before I had a paypal or ebay account.

[Gargoyle]

After you login to paypal, there is a security tips link on the left hand menu.

Quote:

Originally Posted by PayPal PayPal will never send an email with the greeting "Dear PayPal User" or "Dear PayPal Member."

On a side note:

Quote:

Originally Posted by Brad Well, if nothing else, this thread has served to remind me just how hideous the default Mail icons look. *shudder*

Which icons do you use?

[chucker]

Quote:

Originally Posted by Gargoyle Which icons do you use?

He presumably uses the Panther icons, thanks to Mail Stamps 2.

[BenP]

OK, I forwarded the email to PayPal. I did click on the link, and it took me to PayPal's login address, but it wasn't https. I didn't enter anything into the login window, though.

I should have realized it was fake before I even opened it... my PayPal account is registered to a Hotmail address, which I can't check through Mail. Hmmm. I never got any of this junk before I got my university email address.

[Brad]

Quote:

Which icons do you use?

What chucker said.

[turbulentfurball]

I got something similar saying that I had to confirm details because I had logged in to paypal from more than one computer. I was threatened with account suspension if I didn't enter my details. The email went straight to my trash folder and I found it over a week later. I logged into paypal without responding to the email, and surprise, my account was functioning as normal. Avoid anything like this methinks

[turbulentfurball]

*bump*

Just got this email:

Quote:

Dear valued PayPal member, The security questions and answers for your PayPal account were changed on September , 2006. If you did not authorize this change,please contact us immediately using this link : https://www.paypal-us.com/ws-23/contact-us However, You will need to update some of your records in our Resolution center if not will result account suspension. Please update your records on September . For more information on protecting yourself from fraud, please review the Security Tips in our Security Center. Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link located in the top right corner of any PayPal page. Thank you for using PayPal! , The PayPal Team PayPal Email ID PP3337

Smells phishy to me. The grammar is atrocious.

Just a heads up in case it's doing the rounds

[Fahrenheit]

Yep, got exact same email this morning. Just forward it to spoof@paypal.com anyway, just so they can get the domain shut down.

[chucker]

Indeed; paypal-us.com is not an official PayPal web site. Fairly obvious attempt at phishing.

[turbulentfurball]

I forgot to add that the sender was service9@paypalonline.com, different again from paypal-us.com.

[torifile]

And it just bears reiterating, if you're not sure if the email is valid but could be, just go to the site directly. Don't click on the link because chances are that'll tell the spammers the account is real (though, if you're loading images automatically, that's already done).

Any ecommerce site worth doing business with will have some sort of notification of any attempts to contact you when you sign in.

[alcimedes]

Oh, one other word to the wise.

Every legitimate e-mail from a company like PayPal or E-bay or your bank etc. will include your name in the body of the e-mail message.

So rather than "Dear valued customer" it will say "Dear Bob Jones".

If it is addressed to some generic title, it's not legitimate.

[Res]

When you get an e-mail like that, do not click on any of the links, just delete it immediately.

[zippy]

In IE or Firefox on a Windows machine, if you hover over the link, it will show you the actual URL down in the status bar before you ever click. (not sure about Safari as I am still an OS X newbie and not at my Mac right now). When you see where the actual URL would send you, it is obviously fake.