PayPal Scam

I wanted to share a PayPal scam email that I found in my inbox, and how you can tell that it is a scam.

Dear PayPal customer, 

Our company has intended a new feature that will improve the Online Banking security. Upgrading our systems will help protect our customers accounts from 3rd-party access and reduce fraud. This process has started on 14th January, 2011 and will be closed on 19th January, 2011.

All our members are required to update their account profile for the new databases. Filling our online form will take about 3-5 minutes from your time.

To access our profile update form click on the following link to login to your account:

Click here to go to the online form

Please note that failure in updating your profile will result in account suspension.

Alison Grudzinski,
IT Assistant Manager,
PayPal Inc.


____________
Now . . . how to tell that this is a scam email
First, companies like PayPal or credit cards will NEVER send you and email asking you to update your information.
Second, if there was a new PayPal feature upgrade, there would be information on it when you logged into your account.  No need for an email if you just tell people about it when they log in.
Third, the window of when it started to when it ends is VERY small.  They do this to make you want to rush and go and update your account right away, instead of keeping the email in your account for months.
Fourth, the click here to go to the online form.  Again, if there really was an upgrade, they would ask you to log into your account, and you would already know how to do that and where to go, so no need for a link.
And last, the link itself.  I have removed the link from the “Click here” wording so that no one will go there, but when it was active you could hover your cursor over it, and you would be able to see where it REALLY points to, and it is NOT a PayPal site.
Here is an image of what the site would look like if you would have clicked on the link.
They make it look like it really is PayPal, but the URL address is not PayPal.
These types of scams are called Phishing scams (pronounced Fishing)

 

Emails from your email provider . . . or are they

Have you ever been without your email, and felt totally unconnected to the world.  You could be missing some important information, and it is all because you cannot get into your account.

A popular scam right now preys on that fear people have of not being able to get at their email accounts, and to make these scams work the scammers make it look like the emails are coming from your email provider.  The emails will tell you that you have exceeded your mailbox quota or that someone has attempted to access your email account.  Either way, the email then asks for you to update your information within a set amount of time or your email account with be closed permanently.

If there ever was a real problem with your email account, your provider would not send you an email about it, and they would not set a time limit on when you have to respond by.  Not everyone checks their email daily, or even weekly, so if they are telling you to complete the task by a set date they are doing it to scare you into moving fast, without looking into things first.

If you do get an email like this, and you are worried that there really COULD be a problem with your email account, call the customer service number for your email provider . . . but do not call any customer service numbers listed in the email  . . . those will be fake also.  Use a search engine to look up the customer service number so that you know for sure that you are contacting the right people to check on your account.

Look inside your emails

I have never claimed to be a internet or computer know it all, so I have learned to do some research and look to those who do know more on the “technical” side of how things work when I need to. When I decided I wanted to talk to my readers about the information inside of an email, spoofing, hacking and IP addresses I knew I was entering into a world that I am not comfortable with . . . seriously, all of the technical talk starts to sound like “blah, blah, blah” to me. So that is when I contact my friend and fellow scam fighter at CyberCrimeOps.com

Ironically, he wrote an article just this month about a LOT of the things that I wanted to touch on. Here is a sample . . .

Some of you reading this article may have seen news reports of people getting alarming email messages from their friends.

Tales such as “Help, I’m stranded in Nigeria and need money” have come to many people as a surprise in recent months, and the trend seems to getting more widespread. The messages are coming directly from the email accounts of someone you know, and at first glance it may seem real. The truth, once discovered, is that the email account has been taken over (hacked [link]) by a fraudster, and the solicitations for money being sent out are a simple fraud. One question that seems lost in all of these news reports is “how did this happen?” — Let’s investigate this a little further and shed some light into this dark corner.

From Hack To Phish

Hacking covers a wide range of techniques, such as Security exploit; Vulnerability scanner; Packet Sniffer; Spoofing attack; Rootkit; Social engineering; Trojan horse; Virus; Worm and Key loggers; but for the purpose of this article we will concentrate on only one of these, social engineering.

“Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases the attacker never comes face-to-face with the victim.” (Source Wikipedia: [link])

Phishing [link] of course, comes under the general umbrella of social engineering and is a technique of fraudulently obtaining private information. People may associate Phishing with financial institutions (banks, credit cards and credit unions), eBay, PayPal and others due to a great many reports in press. However, one form of this phishing hides in relative obscurity, and asks not for banking details, but for your email account login credentials. If you get one of these emails, it may actually look very real indeed.

To read the rest of this article, go to CyberCrimeOps.com

Scam fighting – 2010

As 2009 comes to a close and we enter into 2010 I wanted to share the New Year’s Resolution that we have at Scam Victims United . . . to bring scam education and awareness to people across the country.

One of the ways that we plan to do this is with events called Scam Jam. These events are the brainchild of Chuck Whitlock an investigative reporter, author and speaker. If you have ever been to a Home and Garden Show or Wedding Expo, imagine that same experience and setting focusing on scams and fraud. There are presentations, workshops and speakers on various topics such as

ID Theft
Internet Scams
Investment Fraud
Health Care Scams
Bank Fraud
Elder Fraud
Charity Scams
Mortgage Fraud
Phishing Scams
Credit Card and Check Schemes
Contractor Fraud
Food/Supplement Fraud
Mail Fraud

Presenters include local media personalities sharing their best investigative reporting stories that expose scams, law enforcement groups, lawyers and legal experts, and even former scam victims sharing their story of victimization to recovery. Beyond the workshops and presentations, people attending a Scam Jam can interact with Consumer Protection groups in the Exhibitors Room. These professionals can assist them with their scam and fraud related questions, and offer then resources to assist them recovery efforts. You may even be able to purchase one of Chuck Whitlock’s investigative books that exposes scams or books by other presenters.

Scam Jam is a one stop shop for education and resources on scams, fraud and consumer protection.

We are currently scheduling dates for Scam Jam events for 2010. If your school, business or company would like to host a Scam Jam at your facility, or if you are a professional in the area of scam fighting and consumer protection that would like to be a part of a Scam Jam in your area, please contact us.

Shawn Mosch
Co-Founder of ScamVictimsUnited.com
There is strength in numbers!

Find us on Twitter, Facebook and more through
http://www.retaggr.com/page/ShawnMosch

Support Scam Victims United by shopping at
http://shopittous.blogspot.com/

Stay safe from scams at the holidays

This information can be found at
http://www.ic3.gov/media/2009/091130.aspx

This holiday season the Federal Bureau of Investigation ( FBI) is reminding people that cyber criminals continue to aggressively create new ways to steal money and personal information. Scammers use many techniques to fool potential victims including fraudulent auction sales, reshipping merchandise purchased with a stolen credit card, and sale of fraudulent or stolen gift cards through auction sites at a discounted price.

Fraudulent Classified Ads or Auction Sales
Internet criminals post classified ads or auctions for products they do not have. If you receive an auction product from a merchant or retail store, rather than directly from the auction seller, the item may have been purchased with someone else’s stolen credit card number. Contact the merchant to verify the account used to pay for the item actually belongs to you.

Shoppers should be cautious and not provide financial information directly to the seller, as fraudulent sellers will use this information to purchase items for their scheme from the provided financial account. Always use a legitimate payment service to protect purchases.

As for product delivery, unfamiliar Web sites or individuals selling reduced or free shipping to customers through auction sites many times are deemed to be fraudulent. In many instances, these Web sites or sellers provide shipping labels to their customers as a service. However, the delivery service providers are ultimately not being paid to deliver the package; therefore, packages shipped by the victims using these labels are intercepted by delivery service providers because they are identified as fraudulent.

Diligently check each seller’s rating and feedback along with their number of sales and the dates on which feedback was posted. Be wary of a seller with 100% positive feedback, if they have a low total number of feedback postings and all feedback was posted around the same date and time.

Gift Card Scam
Be careful about purchasing gift cards from auction sites or through classified ads. If you need a gift card, it is safest to purchase it directly from the merchant or another authorized retail store. If the gift card merchant discovers the card you received from another source or auction was initially obtained fraudulently, the merchant will deactivate the gift card number and it will not be honored for purchases.

Phishing and Smishing Schemes
Be leery of e-mails or text messages you receive indicating a problem or question regarding your financial accounts. In this scam, you are directed to follow a link or call the number provided in the message to update your account or correct the problem. The link actually directs the individuals to a fraudulent Web site or message that appears legitimate where any personal information you provide, such as account number and PIN, will be stolen.

Another scam involves victims receiving an e-mail message directing the recipient to a spoofed Web site. A spoofed Web site is a fake site or copy of a real Web site and misleads the recipient into providing personal information, which is routed to the scammer’s computers.

Tips
Here are some tips you can use to avoid becoming a victim of cyber fraud:

Do not respond to unsolicited (spam) e-mail.

Do not click on links contained within an unsolicited e-mail.

Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Virus scan the attachments if possible.

Avoid filling out forms contained in e-mail messages that ask for personal information.

Always compare the link in the e-mail to the link you are actually directed to and determine if they actually match and will lead you to a legitimate site.

Log on directly to the official Web site for the business identified in the e-mail, instead of “linking” to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.

Contact the actual business that supposedly sent the e-mail to verify if the e-mail is genuine.

To receive the latest information about cyber scams, please go to the FBI Web site and sign up for e-mail alerts by clicking on one of the red envelopes. If you have received a scam e-mail, please notify the IC3 by filing a complaint at www.IC3.gov.

For more information on e-scams, please visit the FBI’s New E-Scams and Warnings webpage at http://www.fbi.gov/cyberinvest/escams.htm.

Phishing scam hitting hard

From http://www.annarbor.com/news/community-driven-credit-union-says-customers-falling-victim-to-phishing-scam/

The Community Driven Credit Union in Pittsfield Township has frozen the bank accounts of 20 to 30 of its customers in recent days after they provided sensitive information to suspected scam artists.

The phishing scam – involving e-mails and text messages – appears to be hitting Washtenaw County hard since last week.

Many people have reported receiving the messages, which warn them their accounts have been frozen. They’re directed to call a number and are then prompted to provide bank and debit card information.

The majority of the messages appear to reference the Community Driven Credit Union. Kevin Finneran, president and CEO of the credit union, said even his wife and daughter received the text messages.

The scam also appears to be impacting the Chelsea State Bank. Michigan State Police Sgt. Tony Cuevas said today at least 3 people have reported similar scams involving the Chelsea bank.

One man said he received an automated message that his bank account was frozen, and when he called, he was directed to enter his 16-digit debit card number, Cuevas said.

On Tuesday, the president of the Ypsilanti Area Federal Credit Union said the credit union has heard from at least 50 customers who received suspicious messages.

Finneran said his credit union has talked to 50 to 60 customers, and 20 to 30 of them provided their banking information by computer or phone to the scam artists. Their accounts were frozen, and new cards are being issued.

Finneran said the bulk of those who received the text messages appear to be Sprint customers. He said the credit union has spoken to the Pittsfield Township Police Department and state Attorney General’s office, and also is spreading the word about the scam to help customers avoid being victimized.

“It probably started last Thursday or Friday,” Finneran said of the calls. “If people provided information, we’re immediately taking steps to secure their accounts. We’re also doing everything we can to make people aware.”

Barrie Kiser, marketing manager for the credit union, said the e-mail can appear convincing because it has a screen shot of the credit union’s home banking system. But the address is wrong, and the information it requests to log in also is different.

Officials at the banks stressed this week that they never gather information from ttheir customers via text or e-mail, so customers should never respond to such messages.

Anyone who received the messages and provided information should immediately contact their bank or credit union and local police department.

The Anti-Phishing Working Group also offers some advice on what to do if you’ve been scammed and how to report it.