2 new PayPal scams, dirty politics, new viruses, and Yahoo IM:
Internet ScamBusters #86
The #1 Publication on Internet Fraud
By Audri and Jim Lanford
Copyright © Audri and Jim Lanford
All rights reserved.
Phishing scammers, virus writers, and email hoaxes are getting more clever. Today,
we have another ‘Snippets’ issue primarily on these topics — with some very timely
We focus on two new Paypal scams (one almost fooled us and the other did fool
a very savvy friend of ours), dirty politics emails, a new brand of virus that
is making its debut, another virus that is particularly nasty, and the answer
to whether Yahoo is really shutting down its Instant Messenger system on August
Before we get going, we thought you’d be interested in a new exclusive article
we posted on the ScamBusters website about auto
We’ve also done a major update to one of our most popular pages — on avoiding
on the word fraud
if you’re looking for resources to report a scam or help you if you’ve been scammed.
Time to begin…
Two New PayPal Scams
We’ve recently seen two very clever new PayPal scams we want to alert you to.
The first one almost fooled us (until we looked more carefully and saw all the
typos). Here is part of it — it looks very official and is supposedly from the
‘Security Center’ at PayPal:
— Begin PayPal Phishing Scam —
Subject: PayPal Security Advisory
Military Grade Encryption is Only the Start
At PayPal, we want to increase your security and comfort
level with every transaction. From our Buyer and Seller
Protection Policies to our Verification and Reputation
systems, we’ll help to keep you safe.
We recently noticed one or more attempts to log in to your
PayPal account from a foreign IP address and we have reasons
to belive (sic) that your account was hijacked by a third
party without your authorization.
If you recently accessed your account while traveling, the
unusual log in attempts may have been initiated by you.
However, if you are the rightfull (sic) holder of the
account, click on the link below, fill the form and then
submit as we try to verify your identity.
==> (URL that looks like it goes to the PayPal Security Center)
If you choose to ignore our request, you leave us no choise
(sic) but to temporaly (sic) suspend your account.
We ask that you allow at least 72 hours for the case to be
investigated and we strongly recommend to verefy (sic) your
account in that time.
— End PayPal Phishing Scam —
If you receive this email, delete it. Do NOT click on the link or fill out the
form. You’d be giving your private info to a scammer in Hungary.
The second PayPal Scam is a bit different. It comes from a company in Florida
that sent out at least 5,000 different $200 invoices to PayPal users for supposedly
sending out spam to Florida residents.
At least one very savvy Internet user was fooled by this hoax.
— Begin Excerpt from PayPal Scam #2 —
Failure to remit the ammount [sic] due, in full, may result
in further collection proceedings, up to and including
actions taken before the courts for collection of
Florida Law provides Civil and Criminal Penalties for
Unlawful access to Computers within the State of Florida,
including the unlawful access and use of e-mail servers
located in the State Of Florida.
— End Excerpt from PayPal Scam #2 —
The company has since sent out notices that these invoices are bogus and that
they were sent by an employee. However, we doubt that this will be the last time
we’ll see this type of scam…
By now you may well have received dozens of emails about how one of the US Presidential
candidates (or members of their families) are communists, traitors, assassins
— or that they have committed some horrible (and suppressed) acts.
The number of these hoaxes will undoubtedly increase significantly as November
2 gets closer. We’ve seen them for every candidate.
So, for the thousands of people who have already asked whether the contents of
a particular email like this is true — and to the tens of thousands who will
probably ask before November 2 — the answer is simple:
No, it’s a hoax.
We have yet to see any true email of this nature. So, save yourself (and your
friends) the bandwidth and simply hit delete.
For our subscribers in other countries: We suspect you may also start to see this
type of hoax around your elections (if your country has elections).
A New Brand of Virus Makes Its Debut
A new virus, which was originally sent to 30,000 newsgroups, started spreading
this weekend. It contains claims and supposed photos of bin Laden’s suicide —
but is actually a Trojan that makes it possible for the scammers to take over
personal computers running Windows.
Another similar virus that supposedly contains bogus claims and photos of Arnold
Schwarzenegger was also discovered on the newsgroups this weekend.
Recommendation: Never download files from newsgroups.
We suspect that both of these viruses — and many more — will spread via email
shortly. Don’t try to view the ‘photos’ if you get these types of emails. The
‘photos’ are actually viruses and Trojan horses. Follow this advice even if the
email looks like it was sent by a friend, family member or colleague.
Another Nasty Virus
There is a new variant of the MyDoom virus that was discovered on Monday. It sends
itself to all the emails it finds on the infected system.
The ‘From’ field is spoofed. This means that the virus looks like it comes from
your friend whose system was infected — which makes it more likely that you’ll
open the email and download the attachment.
One of the worst things about this particular virus is that it often names the
payload (i.e., what you’re asked to download that infects your system) with part
of a familiar email address (such as the spoofed sender’s address), so people
are more likely to download it.
For more info on this virus, visit:
Important note: ScamBusters never sends out email attachments.
Nor do we ever send html mail. In fact, because of viruses, we only send out plain
text. Therefore, even if an email appears to come from us, any email that includes
an attachment or is in html format is not from us (it’s spoofed) and is very likely
Is Yahoo Really Shutting Down Its Instant Messenger System?
The ‘clever quotient’ on this email hoax is not very high. Nevertheless, we’ve
had so many subscribers ask if Yahoo is really going to shut down — or limit
the number of accounts for — its Instant Messenger System, that we thought we
should put your minds at ease.
There are lots of different variants of this hoax. Some specifically mention August
17 (both 2003 and 2004) as the date that changes will occur. Others are more generic
and say that a maximum number of accounts (for example, 2 million) have been reached
and so they need to start eliminating inactive accounts.
Each version asks you to send the hoax to people on your list — so Yahoo can
see which accounts are being used. The hoax threatens that if you don’t do this
within a certain number of days (for example, three or eight), Yahoo will be forced
to close your account.
Punchline: This is a hoax, no matter how authoritative it may seem, or what instant
messaging service is mentioned. You can see a similar hoax for AOL
that has been popular by clicking here.
That’s it for today — have a great week.