Recently, a blogger acquaintance of mine got his Gmail account hacked into and hijacked. The hijacker then proceeded to send out scam emails to this blogger’s contacts, basically asking for money. My friend, Richard, may have been a victim of phishing. As a result, he couldn’t access his Blogger account either, so he had to create a whole new blog.
I’ve also received quite a number of phishing attempts, but there’s one that almost convinced me it was authentic. The email came from a spoofed address (service@paypal.com), so it passed through my spam filters. However, after reading through half the letter, it felt like it didn’t come from PayPal. For one, there was no greeting. Two, there were several grammatical errors. Here’s the email in toto:
to < ...>
date Nov 14, 2007 9:35 PM
subject PayPal Accounts Review Department.
We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address.If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. However if you are the rightful holder of the account,click on the link below to log into the account and follow the instructions.
https://www.paypal.com/us/cgi-bin/webscr?cmd=_login-runIf you choose not to complete the request, you give us no choice but to suspend your account temporary.
It takes at least 72 hours for the investigation in this case and we strongly recommend you to verify your account at that time.
If you received this notice and you are not the authorized account holder, please be aware that it is in violation of PayPal policy to represent oneself as an other PayPal user.Such action may also be in violation of local, national, and/or international law. PayPal is committed to assist law enforcement with any inquires related attempts to missapropriate personal information with the intent to commit fraud or theft. Information will be provided at the request or law enforcement agencies to ensure that perpetrators are prosecuted to the fullest extent of the law.
Thanks for your patience as we work together to protect your account.
PayPal Account Review Department.
Please do not reply to this email. This mailbox is not monitored and you will not receive a response.
For assistance, log in to your PayPal account and click the Help link located in the top right corner of any PayPal page.
PayPal Email ID PP00145
That URL was hyperlinked to somewhere else. I checked, but didn’t click! Instead, as per PayPal’s advice published on their site, I forwarded this fraudulent email to them. A representative of PayPal responded promptly, confirming that it was indeed a phishing attempt.
Be extra careful with your online credentials (usernames, passwords, access codes). If I hadn’t been attentive enough, I could’ve had my PayPal account wiped out!
8:36 pm on 15 Nov 2007
i suggest we should carefully scrutinize every e-mail we receive. May it be fraud or not.
another tip, check your address bar before posting any vital information, specially passwords and e-mails. Don’t post your e-mail address anywhere.
As for richard, let this incident be a lesson. Hehehhee.
8:39 pm on 15 Nov 2007
One helluva lesson! One he won’t forget soon, I’m sure…
11:21 am on 16 Nov 2007
I usually receive this kind of email on my Spam section. Its very obvious because all Paypal newsletter don’t go to the spam section. I usually ignore and delete them.
Also an advice to those who are checking their mails on internet cafes, when you logged in to your email accounts always click “Never on This Site” if your using Firefox when it asks to save you password. And if possible clear the cache and cookies just encase before you logged out from the cafe.
4:29 pm on 16 Nov 2007
You’re an Amazing Blogger…
4:31 pm on 17 Nov 2007
i have a new home.. check it out!
5:28 pm on 18 Nov 2007
Congrats, richard!