I got a message from Paypal with the subject “Help PayPal to avoid any kind of fraud” but I’m a bit suspicious: is this a legitimate way that Paypal is trying to get my help to avoid online scams, or is it a scam itself?
I know what email you received, and you’re right, it’s a scam. To be more specific, it’s a “phishing” attempt by some hackers in Russia to get your Paypal account credentials (login and password) so that they can hack your account. Do ont click on the link, do not react to this message other than to simply delete it!
Here’s what it explains, reasonably enough: “We have noticed an increasing fraudulent activity recently In order to provide your security and protect you from fraudsters we have introduced a new system of identification that will help us to avoid any kind of fraud or unauthorised access.”
[Paypal is a US-based company, so its team would have written “unauthorized” with a ‘z’ not an ‘s’, by the way]
The message continues: “To complete your Anti-Fraud Protection, you must click the link below and enter as more information as possible to provide your complete identification and to activate all the features of the new system.”
They did a good job with the phishing message I received. The return address of the message is “PayPal <service@intl.paypal.x.com>” and if you know your Paypal history, “x.com” was a competitor that it acquired in the early days of the biz. Are they still using the domain? Yes, but only for Paypal labs (did you know that? I didn’t!), but still, it’s not a “.ru” domain that immediately would tip you off.
However, if you were to click on the link that is shown as “https://www.paypal.com/” you’d actually go here:
(I skipped about forty digits to show you the full URL)
Ignore all the jazz at the front, ignore the session ID, and just look at the very end of the URL: “ssl89.ru”. That’s not Paypal, that’s not X.com and that’s not eBay.
It’s these delinquents in Russia.
As I’ve said many times before, be vigilant and do not click on links in these sort of message, however legitimate and sensible they may seem.
If you maintain a list of email addresses used by fraudsters you should add naonlygod2009@aol.com He pleaded with me to send my camera to his son with the promise of prompt payment. The notice supposedly from Paypal was outright fraud. I am in my mid 70’s and the loss was very significant for me.
I have received similar mails too.
Paypal, the real company, always addresses their customers with their name, so if such emails do not do that, it’s the first sign of something not being quite ok.
Actually, there is an action that you can take regarding this.
Paypal maintains an email address for reporting this sort of thing. It is: spoof@paypal.com
All you need do is forward the message on to them.