New PayPal scam email spoofs genuine account inquiry: Internet Scambusters #431
If you buy or sell online, you could be vulnerable to a PayPal
Spoofing the name of the company that handles online payment
transactions, or abusing the way it operates, underlies a huge
amount of Internet fraud.
In this week’s issue we highlight the five most common PayPal
scams, how you can avoid them and the actions you can take to
further protect yourself.
Before we get started, we suggest you visit last week’s most
popular articles from our other websites:
How Frugal Are You? Let us know your best frugal tips so we can share them with everyone.
A Low Carb Barbecue Sauce Recipe: This low carb barbecue sauce isn’t the contradiction it sounds like!
Quick, Healthy Lunches Loaded with Omega-3: It won’t be a challenge to include more Omega-3 in your diet at work once you’ve tried these healthy alternatives.
Chocolate Fondue: the Best Dessert Ever: There are so many exciting ways to enjoy chocolate fondue — and they’re all perfectly legal!
Time to get going…
The Five Most Common PayPal Scam Tricks
A new PayPal scam has landed in hundreds of thousands of email
inboxes during the past few months.
The attack uses one of the oldest tricks in the book — trying
to con people into revealing their PayPal account details.
But it’s cunningly put together and it emphasizes the fact
that because we think of PayPal as a safer way to do
business, it may be easier to fall for a scam that uses the
We’ve reported on this topic before in a past article, 2 New PayPal Scams.
But this latest incident is a stepping-off point to highlight
the five most common types of PayPal fraud.
First, though, a word about PayPal.
You may already know that this online money transfer and
payment system is owned by the online auctioneer eBay.
But it’s used for a whole lot more than paying for auction
purchases. Many retailers now accept PayPal for payment of
online purchases and it’s even used for transferring money as
The key attraction — and the reason it’s considered secure —
is that you don’t have to provide your credit card details to
Only PayPal has your card details, plus any credit balance you
But the organization is not a bank and it is not subject to
banking regulations. Nor are its funds protected by the
Federal Deposit Insurance Corporation (FDIC).
We’re not saying that’s a bad or good thing… just making it
Over the years, PayPal has made numerous changes to its
security policies to try to reduce the incidence of scams,
closing a number of loopholes that were being exploited by
But there’s little or nothing they can do about their name
being taken in vain or when members misguidedly use the system
incorrectly, playing into the hands of villains, as our list
PayPal Email Scam #1
We wrote some years ago about this type of phishing scam, in
which the crook tries to get your account details.
And according to a 2010 report from Internet security outfit
Kaspersky Lab, 56% of all coordinated phishing attacks target
PayPal account holders.
The newest variant pretends to be a notification that your
account has been switched to “limited” status.
This is very cunning because, every year, PayPal does in fact
“limit” thousands of accounts, and they do send out email
notifications and information requests to affected account
“Limiting” restricts account activity and usually kicks in
when PayPal notices something unusual in an account’s
That makes it a perfect subject for spoof emails; so, earlier
this year, another Internet security firm Sophos warned of a
PayPal email scam based on the “limiting” process.
According to Sophos, the email contains the following
(Begin PayPal scam message)
Dear PayPal account holder
PayPal is constantly working to ensure security by regularly
screening the accounts in our system. We have recently
determined that different computers have tried logging into
your PayPal account, and multiple password failures were
present before the logons.
Until we can collect secure information, your access to
sensitive account features will be limited. We would like to
restore your access as soon as possible, and we apologize for
Download and fill out the form to resolve the problem and then
log into your account.
(End PayPal scam message)
Of course, as usual, the message appears to be genuine,
though, unlike some other PayPal scam email messages,
apparently it does not use the PayPal logo.
The attachment is called “restore_your_account_PayPal.html”
but if you complete it, you’ll be supplying your account
details to criminals, not to PayPal.
Action: With any email seeking confidential information, from
PayPal or anyone else, do not reply or open attachments.
Instead, visit the organization’s website by keying in the
address and check out your status there.
In the case of PayPal, go to https://www.paypal.com, log in,
click on the “Help” link at the very top of the screen, then
click on “Limited account” in the “Resolving Account Issues”
PayPal Email Scam #2
Spoof email messages with attachments or links to bogus PayPal
pages may also be used to upload malware onto your PC.
In some recent cases, these have been used to gather banking
information from victims’ PCs.
This information is then used to transfer funds into
unverified PayPal accounts.
Action: Again, don’t click on attachments or follow links in
such emails. Go directly to paypal.com.
PayPal has also partnered with security software firm Iconix
to produce a free program called eMail ID, which will
supposedly tell you if an email is truly from PayPal.
We haven’t used or tested it, so we can’t vouch for its
effectiveness, but you can learn more and download it at their site.
The Gift Payment PayPal Scam
As we said earlier, PayPal also can be used to easily transfer
money between individuals.
In a new scam, crooked online vendors, especially those using
eBay and the classified ads site Craigslist, ask buyers to
send payment as a cash transfer or gift rather than a regular
“payment for goods.”
Why would you do this? Well, the seller will say this will
avoid them having to pay a fee for the transaction.
But a gift is a gift, right? It’s not a payment for goods, so,
by definition, you won’t qualify for PayPal’s purchase
As far as they’re concerned, you haven’t bought anything;
you’ve just gifted some cash!
If the goods don’t turn up or they’re not what you expected,
you don’t have a leg to stand on.
Action: Just don’t do it! Explain that you want to be covered
by PayPal’s purchase protection and this is the only way
you’ll do the deal.
If the vendor says you’ll have to pay extra to cover the fee,
you have to decide whether the deal is worth it.
The “Payment Received” PayPal Scam
In this PayPal fraud, a bogus buyer agrees to use the online
payment service and sends you a fake email, supposedly from
PayPal, saying they (PayPal) have received the payment and
asking you to mail off the item you sold so that the money can
be transferred to your account.
The message says the money will only be released when you
provide a tracking number as proof it has been shipped.
Sophisticated versions of this trick disguise the real email
address to look like it’s from PayPal and may even include
what appears to be an extract from your account, showing the
Of course, the money’s not really there, and if you ship the
item, you’ll be the loser.
Action: Always verify payment notifications by logging on to
your PayPal account directly.
Hijacked PayPal Accounts
As a result of phishing or malware, crooks gain access to your
PayPal account and drain it.
Or, as part of an identity theft scheme, they may open PayPal
accounts in your name but with a different address, and link
them to your bank account.
When a person opens a PayPal account, the firm makes a small
deposit into your bank account, and then asks you to tell them
the exact sum so they can verify it’s your bank account and
activate your PayPal account.
If the scammer knows how to access your bank details, they can
get this verification, setting up a PayPal account linked to
your bank account.
Action: Monitor your PayPal account regularly and check your
bank statement for small transactions you know nothing about.
As we said at the outset, PayPal themselves do a tremendous
amount to limit the risk of fraud, including helping you to
create good passwords.
To find out more, got to paypal.com and click on “Security and
Protection” at the top of the page.
A PayPal scam may be an increasingly frequent trick but using
this information and a good measure of common sense, you
should be able to avoid being among the victims.
That’s a wrap for this issue. Wishing you a great week!