posted
I got an e-mail purporting to be from PayPal about a problem with my account. Of course, the real problem is that I don't remember ever setting up a PayPal account
I poked around with the links, and it sent me to this site:
I note that the actual domain name isn't really PayPal, but some random combination of characters. Should I assume that this is a scam, and an attempt to steal my password (were such a thing to exist)?
Posts: 1907 | Registered: Feb 2000
| IP: Logged |
posted
Forward it to spoof@paypal.com They'll tell you if it was an actual message from them. Which it certainly isn't. The sooner you forward it to them, the better chance they have of shutting down the perps before they actually manage to dupe anyone.
The same holds true for most other reputable sites, "spoof@" and "abuse@" are almost universal ("spoof@" is currently prefered, but go ahead and forward to both if you don't know for sure which is right) addresses for reporting these kinds of fake messages from a business domain.
Posts: 763 | Registered: Aug 1999
| IP: Logged |
posted
An https connection does not necessarily mean any encryption; one of the negotiated levels of security (that a server could have set as the only level it supports) is as follows:
quote:No encryption, MD5 message authentication only. This cipher suite uses MD5 message authentication to detect tampering. It is typically supported in case a client and server have none of the other ciphers in common.
This cipher suite is supported by SSL 3.0 but not by SSL 2.0.
Don't base your trust on the use of https. Demand sites that you have decided to trust use https, but don't rely on it at all.
Posts: 15770 | Registered: Dec 2001
| IP: Logged |
posted
You probably have a keylogger now. NEVER follow these phishing emails. Scan your system with a virus scanner *and* a spyware scanner ASAP
Posts: 7085 | Registered: Apr 2001
| IP: Logged |
quote:Originally posted by The Pixiest: You probably have a keylogger now. NEVER follow these phishing emails. Scan your system with a virus scanner *and* a spyware scanner ASAP
Yes. This happened to my sister-in-law. Fortunately, the worst that happened was that she lost control of her yahoo email account, but it could have been a lot worse. She could have compromised banking information, instead of just losing all the emails that her boyfriend (now husband) sent her when he was stationed in Iraq.
posted
Never, ever, ever click on a link from an e-mail like that. If you get one about an account you actually have, such as paypal or ebay or whatever, go to the site yourself and check your messages.
PayPal does not send links in their e-mails, ever, for just this reason.
Posts: 7790 | Registered: Aug 2000
| IP: Logged |
posted
I got a disturbing new type of spam the other day. It said "regarding your loan request". I sincerely hope it was the loan request they hope I was going to make, rather than one they think I have already made, but I decided it would be foolish to open it so I deleted it. Anyone else get one like that yet?
Posts: 6246 | Registered: Aug 2004
| IP: Logged |
posted
I went to the link withmy Norton fraud monitoring on and it called the site a fraud, so I'd say definitely a scam.
Posts: 130 | Registered: Jan 2007
| IP: Logged |
quote:Originally posted by The Pixiest: You probably have a keylogger now. NEVER follow these phishing emails. Scan your system with a virus scanner *and* a spyware scanner ASAP
You can't get a keylogger from a website unless there's a security hole in your browser (possible, but fairly rare), or you download an executable file from an unreliable source and run it (much, much more common). Just saying.
Virus and spyware scanners are pretty much a necessity if you're running Windows, whether you go to this kind of url or not.
Posts: 1810 | Registered: Jan 1999
| IP: Logged |
quote:Originally posted by A Rat Named Dog: I got an e-mail purporting to be from PayPal about a problem with my account. Of course, the real problem is that I don't remember ever setting up a PayPal account
I poked around with the links, and it sent me to this site:
I note that the actual domain name isn't really PayPal, but some random combination of characters. Should I assume that this is a scam, and an attempt to steal my password (were such a thing to exist)?
Never go to links like that. They can put all sorts of garbage on your computer. I suggest that you run a heavy-duty spyware checker now to clean off the crud they put on your computer.
Posts: 12266 | Registered: Jul 2005
| IP: Logged |
posted
Mike: If one keeps their browser up to date, yeah, they're pretty safe. But how many people don't even bother with automatic updates?
I don't think anyone would at work if we weren't on to them all the time about it. I know my husband wouldn't even have a virus scanner much less automatic updates if I didn't do it for him.
Keyloggers are VERY common and it's easy to get them from a website. Exploits are well known, especially between the time Microsoft announces the fix and when people get around to rebooting their computer after the update.
Always keep your browser (automatic with IE) up to date. Always keep your computer up to date. Have a virus/spyware scanner and keep it up to date. And you're prolly safe.
Posts: 7085 | Registered: Apr 2001
| IP: Logged |