Warning about Paypal

Please be on the lookout. There is an email floating around asking or telling you to update your Paypal security details.....Its false, so please don't open it or use it.

 

I dont agree with pay pal its a direct debit where they can take whatever they want when ever suits them. They never stick to the dates you agee with them.

 

Sadly there are lots of those sort of phishing emails around. I get them all the time asking me to update my contact details from high street banks that I have never had an account with.

Normally if I hover my mouse of the link in the Email I see a little yellow tooltip popup with the actual address of the link (or if I'm reading email online then the address shows in my browser's status bar, down the bottom.

Of course most of the time they don't show PayPal or Big Bank Name in the address at all, but more likely

http://www.YetAnotherNigerianScam.com/hhhhhhuuuuuugggggeeeeeeNumber

just in case that helps anyone decide whether something is genuine or not.

If you think it is genuine you can also go to the site normally, using your favourites or whatever, WITHOUT clicking through the EMail link, and I'm sure you will be able to do whatever action they need via that route. Or by phone.

eBay (and I think PayPal too, put my full name at the top of the email, which should only be known to them, and not to the spammers (who have stolen my Email address from someone I traded with via eBay [usually using some MalWare or a Virus])

But all that is fine for a techie like me, I am sure not so second-nature to ordinary mortals (i.e. you normal folk!)

 

I've had those type from banks and sent them to the bank for them to check if they're proper or not. As far as I'm aware paypal don't ask for your security details in emails so don't click on any links in a mail thats asking for those details. If you do get an email asking for security details give paypal a ring they're pretty helpful on the phone (I had to ring them once) they'll tell you where to forward the email to for them to check.

 

Thanks for that tweaky, and Kristen. I've had a couple from paypal recently - but not to update my security. I deleted them without opening as wasn't interested in the latest offer(though I do use paypal occassionally).

Sooooo, when it is a genuine paypal e-mail, it should read ' paypal.com' (etc) in the bar down the bottom of my screen, but if not, it'll not say paypal in it? (I am a mere mortal, as if it needs stated! )

 

You can more or less know whether its a genuine email...they won't be asking for details of your account or updating it.

I get a load asking me to update my Halifax Bank details.....erm...excuse me...I don't have an account with the Halifax:D

kristen

I knew this one was a scam straight away as it was sent to my hotmail addy and not the one I use for paypal.:thumb:

I suppose that's one of the down sides of hotmail accounts, you get all sorts of junk at times. But I have to admit, their filter for spam is a lot better than it used to be. Of course the best way is by using Mailwasher, but you have to pay for it now....and I don't believe in paying for progs, it's against my religion:rolleyes:

 

i have had one of those from paypal just ignored and deleted it, i also get bank ones, halifax etc delete them too, thanks for the warning tweaky

 

"As far as I'm aware paypal don't ask for your security details in emails"

I'd put it more strongly than that: No company should ask for that, and even if they did you could phone them to make the changes, or go to their site manually and do it from there.

"If you do get an email asking for security details give paypal a ring they're pretty helpful on the phone (I had to ring them once) they'll tell you where to forward the email to for them to check."

I tried to do that with Google - I had a suspicious email and found their "phishing report" email address on their website, forwarded it as instructed, and got an automated reply back saying, in effect, "Your email has been classed as spam and has been rejected". Great!


"Sooooo, when it is a genuine paypal e-mail, it should read ' paypal.com' (etc) in the bar down the bottom of my screen, but if not, it'll not say paypal in it? (I am a mere mortal, as if it needs stated!)"

Unfortunately not quite that foolproof :(

When you hover over a link your browser, or mail reader like Outlook, it will show you the address of the link. However, it is possible to use additional characters to try to fool the user, so something like

http://www.EBAY.com:www.YetAnotherNigerianScam.com/hhhhhhuuuuuugggggeeeeeeNumber

here the "colon" is being used to separate a bogus domain name from the real, scam, domain name further along the link. It is allow possible to replace individual letters with "%99" (where the 99 is numeric and/or the letters A-F), so that can hide the Scam domain name :(

Most of the links contain a code unique to you, so if you click on it you are telling the spammers that they hit a real email address (which they can sell to other people for higher value as "active") and that you are potentially interested in that message/subject.

Its a blinking minefield, and was invented by people who were honest and never gave a moments thought to the ways it could be misused :(

I don't really know of any particularly good advice to give you other than don't click through the emails, open your browser, use your favourites to get to the site, and go from there, manually. A good spam filter should get rid of many of them.

 

Ny best advice would be....never open an email if you don't know the sender..when you do know the sender...if they are asking you to do anything...Don't.:thumb:

 

Never follow a link in an email to a page that takes your security details. No company would ask you to do that, and it is the easiest thing in the world to fake.

There are tonnes of these "phishing" emails doing the rounds. Remember:
* If you visit a bank/credit card/any financial website, you put the website address in manually (don't follow an email link)
* NEVER disclose financial or personal details by email. Email is not a secure way to transfer data. All companies are required by law (Data Protection Act 1990) to ensure that your personal data is secure, so it is actually illegal for them to ask you to send such details in an email.
* Look at the website address when you do any transactions to make sure you haven't been diverted somewhere else. Only trust it if you know it.
* If you buy stuff on line, try to use a credit card rather than a debit card, as by law (Consumer Credit Act) you are automatically covered for transactions over £100.
* If you do trade online, make sure your machine is running a good anti-virus suite, firewall and spyware detection suite
* If you run Windows (most do), use FireFox as your web browser instead of Internet Explorer. It is free and has been proven to be more secure than Internet Explorer.
* Most importantly, don't take my word for it. I am a professional computer programmer so I know what I'm talking about here, but you only have my word for that

 

Excellent advice...but just to mention debit cards. There used to be no protection but now there are lots of companies signed up to "Verified by Visa online shopping" this guarantee's the same protection as a credit card.:thumb:

 

I hadn't realised that, but that in itself raises another point to watch out for. A web page is easy to make (about 5 minutes for a basic one, with no programming skill required). It is easy to add official looking logos and to even fake official looking site (just right mouse click on this page and choose "view source" from the popup menu, you can then see exactly how the page is set up).

I haven't looked into the "Verified by Visa" thing, but a similar example is the online travel agent scam from a few months back. There was some advice published to look for the ABTA and ATOL logos, both of which can be added to a page by an amateur in a few minutes. In the ATOL and ABTA example, you can go to the ATOL and ABTA websites and search for the number quoted to verify the site. I'm not sure if there is a similar feature with VISA.

 

With the verified by visa thingy. You get a pop up window also showing a phrase that you inputted when using the facility...if that is correct you also have to enter a password...so its reasonably secure and does cover purchasing using a debit card.:thumb:

Also using FF as you know, there are facilities that show you secure sites and whether you are moving from an encrypted page etc, etc.

I always recommend to people to use FireFox...I think peeps are daft staying with IE.:thumb:

Having said that, I think a lot of non tech people are frightened of downloading a different browser as they don't understand that they can use IE as well as another one. Just wish folks would ask sometimes. But there ya go.

 

A lot of non techies don't even realise there are alternatives, never mind how to get them and install them. Unfortunately many don't ask because they aren't even aware that there is a question to be asked. All we can do is try to nudge them in the right direction when things like this come up

 

And try to inform them in plain English without any tech replies yea.:thumb: