We have a corporate Paypal account in our subsidiary company the Made Simple Group which is proving quite successful for both our virtual office service sites at Londonpresence.com and Thisisyouroffice.com .
However, I received an interesting email today in relation to a supposed Paypal payment that we have made for a Sony Vio amounting to £247.85.
Of course, we didn’t recognise this transaction at all and then realised that when you click on the link for cancelling the transaction, they ask you to put in your user name and log in which for Paypal merchants like us, would give someone immediate access to our Paypal funds. These could then be transferred anywhere.
This is a very worrying email and a convincing one. Obviously, the scammers have identified merchants who use Paypal and it was very easy to send them an email that looked like it had come from Paypal with a link to a site that looked like Paypal but obviously isn’t.
I suspect that many people could be caught out by this and so I am doing my best to spread the word including alerting Paypal themselves to this.
Anyone who has some similar scams or experienced the same with Paypal should contact me
HG
Filed under: Business, Communications, Phishing Tagged: | londonpresence, made simple group, paypal, Phishing, this is your office, virtual office
These scams are so common and not even necessarily targeted. If the scammers e-mail enough people they’re bound to hit someone who has a PayPal account.
I’ve received these too and found that Firefox actually has built in protection. It alerted me that the page I was visiting was not legitimate. When I tested the link in IE there was no such warning. (Just another reason why I love Firefox)
PayPal is very aware of how common these scams are and are very good at responding to scam related e-mails forwarded to them which is a relief.
Hi, just want to pass this on, as I don’t own a web site to do so. About two days ago, I got an email in my gmail from “PayPal” as follows:
Hello David Rxxxxx,
As part of our security measures, we regularly screen activity in the PayPal system. During a recent screening, we noticed an issue regarding your account.
We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.
Case ID Number: PP-830-528-499
For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause…..etc.,…..
Anyhow, after changing password and security questions…what I failed to notice was the lack of the PayPal ‘logo’ ….which is usually included in all real PayPal emails, of which you can click on to take you directly to the site. Just want others to know…look for the PayPal logo on the email. If you click it and you go to site, it’s the real thing…if there is no logo or maybe one that will not work when clicked on ….it’s a scam! Now, I’m awaiting a letter to arrive in the USPS mail to confirm my location, regarding my true identity of the PayPal account in question. I plan to send it back full of fake info!
Thanks, Dave
It is important to pay attention to the details, as they may give away the fact that an e-mail is not from the proposed source.
However, do NOT think that the logo, from PayPal or otherwise is the deal maker or breaker. Using someone else’s logo in an e-mails couldn’t be easier. If you received a phishing e-mail without the logo, it looks like it was just a sloppy job by the scammer. Usually the e-mails contain all sorts of logos and are designed to look exactly like the real thing.
If you have any doubt about an e-mail you’ve received, the best thing you can do, is avoid the links in the e-mail, and visit the site in question yourself directly and log in. If the e-mail is legit you’ll most likely have an identical message waiting for you within your account.
If you’re clicking on links from an e-mail to a website you have an account on, just check the address in your browser carefully. Even a small change to the usual address could signify that you are visiting an imitation website bent on stealing information from you.