2 New PayPal Scams:

2 new PayPal scams, dirty politics, new viruses, and Yahoo IM:
Internet ScamBusters #86

Internet ScamBusters™

The #1 Publication on Internet Fraud

By Audri and Jim Lanford

Copyright © Audri and Jim Lanford

All rights reserved.

Issue #86

Hi Everyone,

Phishing scammers, virus writers, and email hoaxes are getting more clever. Today,

we have another ‘Snippets’ issue primarily on these topics — with some very timely


We focus on two new Paypal scams (one almost fooled us and the other did fool

a very savvy friend of ours), dirty politics emails, a new brand of virus that

is making its debut, another virus that is particularly nasty, and the answer

to whether Yahoo is really shutting down its Instant Messenger system on August


Before we get going, we thought you’d be interested in a new exclusive article

we posted on the ScamBusters website about auto

financing scams.

We’ve also done a major update to one of our most popular pages — on avoiding

and reporting fraud. Click

on the word fraud

if you’re looking for resources to report a scam or help you if you’ve been scammed.

Time to begin…

Two New PayPal Scams

We’ve recently seen two very clever new PayPal scams we want to alert you to.

The first one almost fooled us (until we looked more carefully and saw all the

typos). Here is part of it — it looks very official and is supposedly from the

‘Security Center’ at PayPal:

— Begin PayPal Phishing Scam —

Subject: PayPal Security Advisory

Military Grade Encryption is Only the Start

At PayPal, we want to increase your security and comfort

level with every transaction. From our Buyer and Seller

Protection Policies to our Verification and Reputation

systems, we’ll help to keep you safe.

We recently noticed one or more attempts to log in to your

PayPal account from a foreign IP address and we have reasons

to belive (sic) that your account was hijacked by a third

party without your authorization.

If you recently accessed your account while traveling, the

unusual log in attempts may have been initiated by you.

However, if you are the rightfull (sic) holder of the

account, click on the link below, fill the form and then

submit as we try to verify your identity.

==> (URL that looks like it goes to the PayPal Security Center)

If you choose to ignore our request, you leave us no choise

(sic) but to temporaly (sic) suspend your account.

We ask that you allow at least 72 hours for the case to be

investigated and we strongly recommend to verefy (sic) your

account in that time.


— End PayPal Phishing Scam —

If you receive this email, delete it. Do NOT click on the link or fill out the

form. You’d be giving your private info to a scammer in Hungary.

The second PayPal Scam is a bit different. It comes from a company in Florida

that sent out at least 5,000 different $200 invoices to PayPal users for supposedly

sending out spam to Florida residents.

At least one very savvy Internet user was fooled by this hoax.

— Begin Excerpt from PayPal Scam #2 —

Failure to remit the ammount [sic] due, in full, may result

in further collection proceedings, up to and including

actions taken before the courts for collection of

outstanding debt…

Florida Law provides Civil and Criminal Penalties for

Unlawful access to Computers within the State of Florida,

including the unlawful access and use of e-mail servers

located in the State Of Florida.

— End Excerpt from PayPal Scam #2 —

The company has since sent out notices that these invoices are bogus and that

they were sent by an employee. However, we doubt that this will be the last time

we’ll see this type of scam…

Dirty Politics

By now you may well have received dozens of emails about how one of the US Presidential

candidates (or members of their families) are communists, traitors, assassins

— or that they have committed some horrible (and suppressed) acts.

The number of these hoaxes will undoubtedly increase significantly as November

2 gets closer. We’ve seen them for every candidate.

So, for the thousands of people who have already asked whether the contents of

a particular email like this is true — and to the tens of thousands who will

probably ask before November 2 — the answer is simple:

       No, it’s a hoax.

We have yet to see any true email of this nature. So, save yourself (and your

friends) the bandwidth and simply hit delete.

For our subscribers in other countries: We suspect you may also start to see this

type of hoax around your elections (if your country has elections).

A New Brand of Virus Makes Its Debut

A new virus, which was originally sent to 30,000 newsgroups, started spreading

this weekend. It contains claims and supposed photos of bin Laden’s suicide —

but is actually a Trojan that makes it possible for the scammers to take over

personal computers running Windows.

Another similar virus that supposedly contains bogus claims and photos of Arnold

Schwarzenegger was also discovered on the newsgroups this weekend.

Recommendation: Never download files from newsgroups.

We suspect that both of these viruses — and many more — will spread via email

shortly. Don’t try to view the ‘photos’ if you get these types of emails. The

‘photos’ are actually viruses and Trojan horses. Follow this advice even if the

email looks like it was sent by a friend, family member or colleague.

Another Nasty Virus

There is a new variant of the MyDoom virus that was discovered on Monday. It sends

itself to all the emails it finds on the infected system.

The ‘From’ field is spoofed. This means that the virus looks like it comes from

your friend whose system was infected — which makes it more likely that you’ll

open the email and download the attachment.

One of the worst things about this particular virus is that it often names the

payload (i.e., what you’re asked to download that infects your system) with part

of a familiar email address (such as the spoofed sender’s address), so people

are more likely to download it.

For more info on this virus, visit:

==> http://www.scambusters.org/a/symantec2.html

Important note: ScamBusters never sends out email attachments.

Nor do we ever send html mail. In fact, because of viruses, we only send out plain

text. Therefore, even if an email appears to come from us, any email that includes

an attachment or is in html format is not from us (it’s spoofed) and is very likely

a virus.

Is Yahoo Really Shutting Down Its Instant Messenger System?

The ‘clever quotient’ on this email hoax is not very high. Nevertheless, we’ve

had so many subscribers ask if Yahoo is really going to shut down — or limit

the number of accounts for — its Instant Messenger System, that we thought we

should put your minds at ease.

There are lots of different variants of this hoax. Some specifically mention August

17 (both 2003 and 2004) as the date that changes will occur. Others are more generic

and say that a maximum number of accounts (for example, 2 million) have been reached

and so they need to start eliminating inactive accounts.

Each version asks you to send the hoax to people on your list — so Yahoo can

see which accounts are being used. The hoax threatens that if you don’t do this

within a certain number of days (for example, three or eight), Yahoo will be forced

to close your account.

Punchline: This is a hoax, no matter how authoritative it may seem, or what instant

messaging service is mentioned. You can see a similar hoax for AOL

that has been popular by clicking here.

That’s it for today — have a great week.