Email Security Guide by Mike Restivo (Ebay "mtronics4u")
This basic guide describes how to identify false Paypal emails sent to you, whether you are an Ebay buyer or an Ebay seller. The purpose of these so-called "spoof", "spam" or "phishing" emails is first to convince you of their legitimacy and then, under one subterfuge or another, to get you to enter your Paypal username and password, either into a fill-in form or into a single line innocently placed in the message to receive the personal data.
The information can be gathered by having you enter your Paypal username and password into a fill-in-the-fields form that actually resides at a non-Paypal web site, where the user information can be harvested immediately.
Another method is to have the user response forwarded as an email response. The email address will not be the official Paypal address, but some may ignore this difference, believing the given email address is an intermediate customer service center authorized by Paypal. There are no such centers.
The email in Fraud Sample #1 below, official looking in the original, falsely claims that the user's account has been put on limited access for some reason and then directs the recipient to the "resolution center", but the URL address is not that of the legitimate Paypal resolution center. The respondent will then be asked to enter his or her username and password under some innocent pretext, and the username and password will be saved immediately, without the user's knowledge, for use by the fraudster.
Now the fraudster can use the user's Paypal username and password to send all the money in the user's Paypal account to the fraudster's email address, which is already registered with Paypal. After the successful transfer, the email account and Paypal account are closed by the fraudster. New email and Paypal accounts are later opened by the fraudster under new names and the scam is run again, and again, and again. Be informed and thus be protected.
Fraud Sample #1
-------------------------------------------------------------------------------------------
PayPal is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.
Why is my account access limited?
Your account access has been limited for the following reason(s):
Dec. 31, 2005: We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.
(Your case ID for this reason is PP-157-679-861.)
How can I restore my account access?
Please visit [phoney web link removed] and complete the instructions.
Completing all of the instructions will restore your account access.
We thank you for your prompt attention to this matter.
Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
Sincerely,
PayPal Account Review Department
Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link located in the top right corner of any page. If your inquiry is regarding a claim, just visit the Resolution Center link above.
-------------------------------------------------------------------------------------------
Fraud Sample #2
This second example is designed as an uneditable table and so cannot be reproduced here with its several URL links removed. In an official looking Paypal email, the user is informed that they have purchased one or more items, a purchase which, the bogus email says, may or may not be "suspicious".
The purchase is of course false, so the recipient will want to inform Paypal of this, and a web link URL is provided: the only way to cancel the phoney sale, it is stated. Clicking on this seemingly innocent and legitimate Paypal address immediately redirects the user to a fraudulent web site. From that point, the usual fill-in-the-username-and-password scam is played and the user's account gets looted as soon and as much as possible.
These fraudulent emails are all about getting the user to reveal their username and password. Never do this unless you are confirmed logged in at the legitimate Paypal web site. When in doubt, ask Paypal for help. They will confirm or deny the phoney claims that these fraudsters use to get you to divulge your username and password in the first place. For verified Paypal users, even your chequing account at your bank can be looted, so guard your Paypal username and password most carefully.
Fraud Sample #3
-----------------------------------------------------------------------------------------
"Warning Notification Dear" valued PayPal® member:
It has come to our attention that your PayPal® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.
However, failure to update your records will result in account suspension.
Please update your records on or before November 19, 2005.
Once you have updated your account records, your PayPal® session will not be interrupted and will continue as normal.
To update your PayPal® records click on the following link [phoney, non-Paypal link removed]:
XXXXXX
----------------------------------------------------------------------------------------
Fraud Sample #4
This type of fraud is represented by an official looking Paypal email that appears to be text but is actually one integrated, uneditable picture. Clicking anywhere on it will open either a URL link to the fraudster's web site or an email to the fraudster. In this case the subterfuge is that suspicious activity has allegedly been detected on the user's account and all access to it has been blocked. To reinstate the account in good standing, it reads, click the phoney hyperlink given, and so the scam proceeds in the usual way.
Never click anywhere on any text in an email or a web page when the cursor changes from the pointer (arrow head) used for reading to the hyperlink indicator (pointing index finger) used for jumping to a web address. Passing the cursor over the suspect text to observe its changes and sub-text descriptions is safe.
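The check that hovering performs by eye can also be run over the HTML body of a suspect message. The Python code below is an added example, not part of the original guide; it assumes paypal.com is the only genuine domain, and the reason labels and sample hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # assumption: the only domain treated as genuine here

def is_trusted(url):
    """True only for https URLs whose host is paypal.com or a subdomain of it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return parts.scheme == "https" and (host == TRUSTED or host.endswith("." + TRUSTED))

class LinkAudit(HTMLParser):  # records every link or form that leaves TRUSTED
    def __init__(self):
        super().__init__()
        self.findings, self._href = [], None  # (reason, real destination); open <a> href
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text, self._img = a["href"], "", False
        elif tag == "img" and self._href is not None:
            self._img = True  # a picture sits inside the open link
        elif tag == "form" and not is_trusted(a.get("action") or ""):
            self.findings.append(("form-posts-elsewhere", a.get("action") or ""))
    def handle_data(self, data):
        if self._href is not None:
            self._text += data  # the text the reader sees for this link
    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        href, text, self._href = self._href, self._text.strip().lower(), None
        if is_trusted(href):
            return
        if href.lower().startswith("mailto:"):
            reason = "reply-goes-to-email"       # answer is mailed to the sender
        elif self._img and not text:
            reason = "whole-picture-is-a-link"   # Fraud Sample #4 pattern
        else:
            reason = "text-claims-paypal" if "paypal" in text else "untrusted-link"
        self.findings.append((reason, href))

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample body; hosts use reserved example names and a documentation IP.
SAMPLE = ('<a href="http://www.paypal.com.login.example/r">https://www.paypal.com/resolution</a>'
          '<a href="http://203.0.113.7/update"><img src="notice.gif"></a>'
          '<a href="mailto:service@paypal-review.example">Contact PayPal</a>'
          '<form action="http://collect.example/save"><input name="password"></form>')
```

Calling `audit(SAMPLE)` returns one finding per link or form, each paired with the real destination that the visible text hides.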