PayPal Phishing

June 12th, 2005

I recently got an email claiming to be from [PayPal](https://paypal.com/) about a change in their terms of service.

> PayPal has recently made several important changes to our User Agreement and Privacy Policy. Please read the new User Agreement and Privacy Policy, because they contain important information about your PayPal account, your rights as a PayPal user, and the ways in which PayPal will use your personal information.
>
> After you have reviewed the User Agreement and Privacy Policy below, please choose the “Yes” radio buttons and click Continue.
> https://www.paypal.com/cgi-bin/webscr?cmd=_login-run
>
> If you fail to read and agree to the new User Agreement within 120 days, PayPal will assume you do not accept PayPal’s User Agreement and prefer not to do business with PayPal. In such circumstances, after providing additional notice, PayPal will limit your access to your PayPal account and will payout any remaining account balance under the terms of the old User Agreement.
>
> Note: The User Agreement below will take immediate effect for all PayPal accounts signing up on or after February 7, 2005. PayPal accounts who signed up prior to February 7, 2005, will have 120 days after the date they next log in to their PayPal account to decide whether they agree to the new User Agreement. These accounts will continue to be governed by the old User Agreement until they agree to the new User Agreement, or until January 1, 2006, whichever comes first.
> Thank you for your prompt attention to this matter.
>
> Sincerely,
> PayPal Account Review Team
> \——————————————————————
>
> Please do not reply to this e-mail. Mail sent to this address cannot be answered. All of the information necessary to restore your account access is available on the PayPal website. For assistance, log in to your PayPal account and choose the “Help” link in the header of any page.
>
> \——————————————————————

The factor that confused me wasn’t that it wasn’t an HTML e-mail (which is the format that PayPal usually uses), but that it came to an address that I don’t have a PayPal account with. How many PayPal emails can you get sent to `bidpay-payments@` before you start getting suspicious? And since I started writing this, I got the same email at `paypal-creditcard-payments@`, leading me to believe they are scraping email addresses that are found on [eBay](http://ebay.com/) pages.

Apparently the phishers are getting better.

If you’d like to see how well you can do at spotting the real sites from the fakes, take [this quiz](http://survey.mailfrontier.com/survey/quiztest.html). I took it for the second time and still only got 8 out of 10 right.
