2 New PayPal Scams:

2 new PayPal scams, dirty politics, new viruses, and Yahoo IM:
Internet ScamBusters #86

Phishing scammers, virus writers, and email hoaxes are getting more clever. Today, we have another ‘Snippets’ issue primarily on these topics — with some very timely advice.

We focus on two new Paypal scams (one almost fooled us and the other did fool a very savvy friend of ours), dirty politics emails, a new brand of virus that is making its debut, another virus that is particularly nasty, and the answer to whether Yahoo is really shutting down its Instant Messenger system on August 17.

Before we get going, we thought you’d be interested in a new exclusive article we posted on the ScamBusters website about auto financing scams.

We’ve also done a major update to one of our most popular pages — on avoiding and reporting fraud. Click on the word fraud if you’re looking for resources to report a scam or help you if you’ve been scammed.

Time to begin…


Two New PayPal Scams


We’ve recently seen two very clever new PayPal scams we want to alert you to.

The first one almost fooled us (until we looked more carefully and saw all the typos). Here is part of it — it looks very official and is supposedly from the ‘Security Center’ at PayPal:

— Begin PayPal Phishing Scam —

Subject: PayPal Security Advisory

Military Grade Encryption is Only the Start

At PayPal, we want to increase your security and comfort
level with every transaction. From our Buyer and Seller
Protection Policies to our Verification and Reputation
systems, we’ll help to keep you safe.

We recently noticed one or more attempts to log in to your
PayPal account from a foreign IP address and we have reasons
to belive (sic) that your account was hijacked by a third
party without your authorization.

If you recently accessed your account while traveling, the
unusual log in attempts may have been initiated by you.
However, if you are the rightfull (sic) holder of the
account, click on the link below, fill the form and then
submit as we try to verify your identity.

==> (URL that looks like it goes to the PayPal Security Center)

If you choose to ignore our request, you leave us no choise
(sic) but to temporaly (sic) suspend your account.

We ask that you allow at least 72 hours for the case to be
investigated and we strongly recommend to verefy (sic) your
account in that time.

Etc.

— End PayPal Phishing Scam —

If you receive this email, delete it. Do NOT click on the link or fill out the form. You’d be giving your private info to a scammer in Hungary.

The second PayPal Scam is a bit different. It comes from a company in Florida that sent out at least 5,000 different $200 invoices to PayPal users for supposedly sending out spam to Florida residents.

At least one very savvy Internet user was fooled by this hoax.

— Begin Excerpt from PayPal Scam #2 —

Failure to remit the ammount [sic] due, in full, may result
in further collection proceedings, up to and including
actions taken before the courts for collection of
outstanding debt…

Florida Law provides Civil and Criminal Penalties for
Unlawful access to Computers within the State of Florida,
including the unlawful access and use of e-mail servers
located in the State Of Florida.

— End Excerpt from PayPal Scam #2 —

The company has since sent out notices that these invoices are bogus and that they were sent by an employee. However, we doubt that this will be the last time we’ll see this type of scam…


Dirty Politics


By now you may well have received dozens of emails about how one of the US Presidential candidates (or members of their families) are communists, traitors, assassins — or that they have committed some horrible (and suppressed) acts.

The number of these hoaxes will undoubtedly increase significantly as November 2 gets closer. We’ve seen them for every candidate.

So, for the thousands of people who have already asked whether the contents of a particular email like this is true — and to the tens of thousands who will probably ask before November 2 — the answer is simple:

No, it’s a hoax.

We have yet to see any true email of this nature. So, save yourself (and your friends) the bandwidth and simply hit delete.

For our subscribers in other countries: We suspect you may also start to see this type of hoax around your elections (if your country has elections).


A New Brand of Virus Makes Its Debut


A new virus, which was originally sent to 30,000 newsgroups, started spreading this weekend. It contains claims and supposed photos of bin Laden’s suicide — but is actually a Trojan that makes it possible for the scammers to take over personal computers running Windows.

Another similar virus that supposedly contains bogus claims and photos of Arnold Schwarzenegger was also discovered on the newsgroups this weekend.

Recommendation: Never download files from newsgroups.

We suspect that both of these viruses — and many more — will spread via email shortly. Don’t try to view the ‘photos’ if you get these types of emails. The ‘photos’ are actually viruses and Trojan horses. Follow this advice even if the email looks like it was sent by a friend, family member or colleague.


Another Nasty Virus


There is a new variant of the MyDoom virus that was discovered on Monday. It sends itself to all the emails it finds on the infected system.

The ‘From’ field is spoofed. This means that the virus looks like it comes from your friend whose system was infected — which makes it more likely that you’ll open the email and download the attachment.

One of the worst things about this particular virus is that it often names the payload (i.e., what you’re asked to download that infects your system) with part of a familiar email address (such as the spoofed sender’s address), so people are more likely to download it.

For more info on this virus, visit:

==> http://www.scambusters.org/a/symantec2.html

Important note: ScamBusters never sends out email attachments. Nor do we ever send html mail. In fact, because of viruses, we only send out plain text. Therefore, even if an email appears to come from us, any email that includes an attachment or is in html format is not from us (it’s spoofed) and is very likely a virus.


Is Yahoo Really Shutting Down Its Instant Messenger System?


The ‘clever quotient’ on this email hoax is not very high. Nevertheless, we’ve had so many subscribers ask if Yahoo is really going to shut down — or limit the number of accounts for — its Instant Messenger System, that we thought we should put your minds at ease.

There are lots of different variants of this hoax. Some specifically mention August 17 (both 2003 and 2004) as the date that changes will occur. Others are more generic and say that a maximum number of accounts (for example, 2 million) have been reached and so they need to start eliminating inactive accounts.

Each version asks you to send the hoax to people on your list — so Yahoo can see which accounts are being used. The hoax threatens that if you don’t do this within a certain number of days (for example, three or eight), Yahoo will be forced to close your account.

Punchline: This is a hoax, no matter how authoritative it may seem, or what instant messaging service is mentioned. You can see a similar hoax for AOL that has been popular by clicking here.

That’s it for today — have a great week.