Paypal Scam

By SNGX1275
Jan 18, 2007
  1. I know we've had a thread on this before, but it was a few years back. Plus it's not going to hurt to have another result in Google for someone searching.

    I use Outlook XP at work where I get my mail from an Exchange server. Messages are scanned at the server level and flagged if they have spam; this takes care of 95% of my spam mail. But today I got a PayPal scam, so I thought I'd document what it looked like for those of you that haven't gotten one yet, and as a refresher for those that have.

    Mail message:
    [​IMG]

    Actual e-mail:
    [​IMG]

    Had a pretty good idea this was spam at this point. But I decided to view source for fun.
    Code:
    <HTML>
    <TABLE cellSpacing=0 cellPadding=0 width=600 align=center border=0>
    <TBODY>
    <TR vAlign=top>
    <TD><IMG height=35 alt=PayPal 
    src="http://images.paypal.com/en_US/i/logo/email_logo.gif"  
    width=255 border=0></TD>
    </TR></TBODY></TABLE>
    <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
    <TBODY>
    <TR>
    <TD width="100%" background=http://images.paypal.com/images/bg_clk.gif> 
    <IMG height=29
    src="http://images.paypal.com/images/pixel.gif"  width=1 
    border=0></TD></TR>
    <TR>
    <TD><IMG height=10 src="http://images.paypal.com/images/pixel.gif"  
    width=1 
    border=0></TD></TR></TBODY></TABLE>
    <TABLE cellSpacing=0 cellPadding=0 width=600 align=center border=0>
    <TBODY>
    <TR vAlign=top>
    <TD width=400>
    <TABLE cellSpacing=0 cellPadding=5 width="100%" border=0>
    <TBODY>
    <TR vAlign=top>
    <TD>
    <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
    <TBODY>
    <TR>
    <TD class=pp_heading align=left><BR> Security Center 
    Advisory!</TD></TR></TBODY></TABLE></TD></TR>
    <TR>
    <TD><BR> We recently noticed one or more attempts to log in to your PayPal 
    account from a
    foreign IP address and we have reasons to belive that your account was 
    hijacked
    by a third party without your authorization. If you recently accessed your 
    account while 
    traveling, the unusual log in
    attempts
    may have been initiated by you.<BR>
    <BR>If you are the rightful holder of the account you must <B>click the 
    link below</B> and 
    then complete all steps from
    the following page as we try to verify your identity.<BR><BR>
    <TABLE cellSpacing=0 cellPadding=1 width="75%" align=left bgColor=#ffe65c 
    border=0>
    <TBODY>
    <TR>
    <TD>
    <TABLE cellSpacing=0 cellPadding=4 width="100%" align=center 
    bgColor=#fffecd border=0>
    <TBODY>
    <TR>
    <TD class=pp_sansserif align=middle><A target="_blank"  
    href="http://3560217410/www.paypal.com/cgi-bin/webscr_cmd=_login-run4928/" 
    onclick="return ShowLinkWarning()"  
                           >Click here to verify your
    account</A></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE><BR><BR><BR><BR>If 
    you choose 
    to ignore our request, you
    leave us no choise but to temporaly suspend
    your account.<BR><BR>Thank you for using PayPal!</TD></TR>
    <TR>
    <TD>
    <HR class=dotted>
    </TD></TR>
    <TR>
    </TR>
    <TR>
    <TD><SPAN class=pp_footer>PayPal Email ID 
    PP268</SPAN></TD>
    </TR></TBODY></TABLE></TD>
    <TD><IMG height=1 src="http://images.paypal.com/en_US/i/scr/pixel.gif"  
    width=10 
    border=0></TD>
    <TD vAlign=top width=190></HTML>
    
    So the address had some numbers tossed up in front of it, that didn't look right. I copied the link from there and opened it in Opera.

    I know this is large, but it's important to show that the page looked normal, except for the address.

    Screenshot:
    [​IMG]
    [​IMG]

    I'm not sure if Opera will check that site for fraud on its own, I had to manually check it. When I did I noticed the perform fraud check automatically box wasn't checked.

    Fraud Check:
    [​IMG]

    I'm not sure how IE handles it, so if someone feels their IE is sufficiently safe they can paste the URL from the code box above and test it. I just didn't feel like fighting any malware that may come with visiting that site.

    So things to check for are:
    Are you the only one the email was sent to?
    Are there misspellings in the body?
    What does the address look like?
    Will it pass fraud check, or whatever your browser does?
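
The "What does the address look like?" check from the post above, as an added example that is not part of the original thread: it pulls links out of an HTML mail body, decodes a host written as a single integer into a dotted IP address, and flags a brand domain that sits in the path instead of the host. `BRAND` and all function names are assumptions made for this sketch; the sample is the link markup quoted in the post.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "paypal.com"  # assumption: the domain the message claims to be from

class LinkCollector(HTMLParser):
    """Collect href values from <a> tags (HTMLParser lowercases tag names)."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def numeric_host(host):
    """Return the dotted-quad form if host is an IP literal, else None."""
    try:
        if host.isdigit():                      # e.g. a single 32-bit integer
            return str(ipaddress.IPv4Address(int(host)))
        if host.lower().startswith("0x"):       # hexadecimal integer form
            return str(ipaddress.IPv4Address(int(host, 16)))
        return str(ipaddress.ip_address(host))  # ordinary dotted notation
    except ValueError:
        return None

def check_link(url):
    """Return a list of findings for one URL; empty means nothing flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    ip = numeric_host(host)
    if ip:
        findings.append(f"host is a raw IP address ({ip})")
    on_brand = host == BRAND or host.endswith("." + BRAND)
    if not on_brand and BRAND in parts.path.lower():
        findings.append(f"'{BRAND}' appears in the path, not the host")
    return findings

def scan_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return {url: check_link(url) for url in collector.links}

# Sample input: the anchor markup from the message source quoted in the post.
SAMPLE = '''<TD class=pp_sansserif align=middle><A target="_blank"
href="http://3560217410/www.paypal.com/cgi-bin/webscr_cmd=_login-run4928/"
onclick="return ShowLinkWarning()">Click here to verify your account</A></TD>'''

if __name__ == "__main__":
    for url, findings in scan_email(SAMPLE).items():
        print(url, findings)
```
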
  2. Jack Tucker

    Jack Tucker Newcomer, in training

    Thanks. I get a "LOT" of scams. Up to 4 or 5 a day.
  3. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    The most important thing to remember is that PayPal will ALWAYS address ANY official email from them with your own "Firstname Lastname".

    Any emails that start with Dear Member, Dear Subscriber, Dear PayPal Customer, or whatever, are with 100% guarantee a SCAM.
  4. Liquidlen

    Liquidlen TechSpot Paladin Posts: 1,646

    I was also told that the address for the 'REAL' PayPal ALWAYS begins with "HTTPS". It is the "S" that must be there to be authentic.
  5. Jack Tucker

    Jack Tucker Newcomer, in training

    PayPal Scam.
    Thanks for your input. I get a lot of scams.
  6. twite

    twite TechSpot Paladin Posts: 1,083

    I've gotten this before. I recommend you report it to PayPal.
  7. SNGX1275

    SNGX1275 TS Forces Special Topic Starter Posts: 12,419   +281

    Eh, I don't care enough to report them. But somehow I did care enough to post it up here. So I am doing some good, just trying to inform people that may not know. And since we seem to get so many people here that found us by Google results, this has the possibility of helping anyone who thinks they may be getting scammed.

    I imagine most of our active userbase is able to pick up on scams like this pretty easy.

